Korean telco failed at femtocell security, exposed customers to snooping and fraud

South Korea’s Ministry of Science and ICT has found that local carrier Korea Telecom (KT) deployed thousands of badly secured femtocells, leading to an attack that enabled micropayments fraud and snooping on customers’ communications – maybe for years.

Femtocells are customer premises equipment which include a small mobile base station and use a wired broadband service for backhaul into a carrier’s network. Carriers typically deploy them in areas where mobile network signals are weak to improve coverage in and around customers’ homes.

KT deployed thousands of the devices, all of which used the same certificate to authenticate to the carrier’s network. According to analysis by Korean infosec academic and IEEE Fellow Yongdae Kim, the femtocells had no root password, stored keys in plaintext, and were remotely accessible because SSH was enabled.

Attackers could therefore waltz in and retrieve the certificate, then use it to clone a femtocell that ...