Hacking Femtocells presented at t2 2010

by Kevin Redon (Security in Telecommunications), Ravishankar Borgaonkar (Security in Telecommunications),

Tags: Others Security

URL : http://t2.fi/schedule/2010/#speech1

Summary : Femtocell is emerging as a new technology to enhance third generation (3G) coverage and to provide assurance of always best connectivity in the 3G telecommunication networks. It acts as an access point that securely connect standard mobile stations to the cellular operator's core network using existing wired broadband connection. Increased network capacity, lower capital costs, expanded revenue opportunities are some key benefits to the mobile service operator whereas for a user increased indoor coverage, higher speed performance data, higher quality voice, and higher multimedia experience. A femtocell can be deployed in operator- owned spectrum and in the users premises, for example, home, office, and enterprise.

In this talk, we evaluate various security aspects, in particular, location verification techniques used in the femtocell security architecture, device security mechanisms and secure software update process. We show that these various location techniques are inadequate to avoid the misuse of the femtocell technology. In addition, we also show that security solutions related to hardware security of the femtocell described in the 3GPP specifications are insufficient. Further, we show how easy to hack the femtocell devices and to get access to the confidential information stored on the device.

Kevin Redon: Kevin Redon received his bachelor of Computing from Napier University Edinburgh, Scotland. He is now finishing his Master degree in Computing with specialization in Communication Systems at the Technical University of Berlin. while doing masters, he joined the Security in Telecommunication work group in co-operation with the T-labs. His research interest includes network security, in particular telecommunication network as GSM/UMTS, peer to peer networks, and smart cards security.

Ravishankar Borgaonkar: Ravishankar B. Borgaonkar received his M.Sc. (Tech) degrees in security and mobile computing (http://nordsecmob.tkk.fi/) from both Royal Institute of Technology (KTH) and Helsinki University of Technology (TKK) in August 2009. After the graduation, he continued his doctoral studies at the Security in Telecommunication department in Technical University of Berlin. His research interest includes embedded systems security, M2M security and computer & network security.