Security analysis of a femtocell device

  • Authors:

  • Ravishankar Borgaonkar;Kevin Redon;Jean-Pierre Seifert

  • Affiliations:

  • Technical University of Berlin & Deutsche Telekom Laboratories, Berlin, Germany;Technical University of Berlin & Deutsche Telekom Laboratories, Berlin, Germany;Technical University of Berlin & Deutsche Telekom Laboratories, Berlin, Germany

  • Venue:
  • Proceedings of the 4th international conference on Security of information and networks
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Mobile network operators are adapting femtocells in order to simplify their network architecture for increased coverage, performance, and greater revenue opportunities. While emerging as a new low-cost technology which assures best connectivity, it has also introduced a range of new potential security risks for the mobile network operators. In this paper, we analyze these security issues and demonstrate the weaknesses of femtocell security. We demonstrate several security flaws that allowing attackers to gain root access and to install malicious applications on the femtocell. Furthermore, we experimentally evaluate and show a wide range of possible threats to femtocell; including compromise of femtocell credentials; physical, configuration, and protocol attacks; user data and identity privacy attacks. The vulnerabilities we found suggest that commercial-available femtocells fail to fulfill 3GPP security requirements and could expose operator network elements to the attacker. Our findings and successful attacks exhibit the need for further research to bridge the gap between theoretical and practical security of femtocell devices.