Femtocells are devices that various cellphone network operators rely on to extend wireless service into low-coverage areas around the world. They’re small boxes, like your average cable modem. They can simply be positioned where required in order to extend the network (“network extenders” is, in fact, what they’re commonly known as). CNN indicates that current analyses suggest that as many as 50 million of them will be in regular use by next year.
And yet, just recently it was discovered that there is a giant security hole in this femtocell technology, which allows a malicious hacker to eavesdrop on everything that a selected target did with their phone using one of these extenders. CNN Money reports that iSEC Partners’s researchers were actually able to record a phone conversation and play it back for them, in addition to tracking browsing history, text messages, and pictures.
In short, if an attacker has access to the network extender, it seems possible to simply track everything you do with your phone. iSEC focused on femtocells that rely on Verizon’s 3G CDMA network after discovering this gaping flaw sometime last year. But it is very likely that similar flaws exist across all network extenders. Verizon, of course, claims that it has attended to this problem:
"The demonstration CNN saw was for an identified issue that was fixed earlier this year on all network extender devices. The fix prevents the network extender from being compromised in the same manner."
Meanwhile, the devices themselves are made by Samsung, which has made similar statements to the effect that the flaw in question has been rectified. Now, while it is true that the femtocell hack is a somewhat specialized operation—it isn’t likely to be carried out by some small-time crook—such exploits are becoming an increasing part of our tech-enabled lifestyles.
These kinds of “small-cell” technologies are featuring more and more prominently in businesses, homes, major malls, and various other public locations. Such security flaws present ample cause for concern.
BlackBerry demonstrates Secure Work Space service
That’s why you should consider BlackBerry’s recent security offering for both iPhones and Android-based devices. Remember BlackBerry (NASDAQ: BBRY)? It used to be hot property, but lack of innovation and competition means the company fell to a meager fourth in the smartphone wars. Now, it’s come out with a security device that is actually garnering major attention, and could be the return of the company’s good name.
The new service is called “Secure Work Space,” reports CNN Money, and it basically allows users of iPhones and Android devices to switch between a ‘normal’ personal mode and a more secure ‘corporate’ mode. Thus, the service aims to give companies far greater control over the data that is transmitted over their networks, regardless of whether it’s used on a person’s cellphone or not. Thus, companies can “cordon off” sensitive information like corporate email, calendars, and contact information. Various “apps” can be added or removed from this cordon-zone as necessary. What this means is a walling-off of sensitive data; thus, you can’t just copy and paste material from an app that’s within the corporate zone to an app that’s in your personal zone.
Of course, it remains to be seen how much the market will respond to BlackBerry’s offering. It hasn’t exactly been a good few years for the company. And others—Samsung for example—have been working on their own security systems. Samsung’s “Knox” service works much like the BlackBerry offering, and it aims at the Galaxy S4 devices. That being said, the BlackBerry name still commands some respect, so if the service is all it is touted to be, then we could see a good boost to BlackBerry’s market position.
Secure Work Space, reports Nasdaq, is based on the BlackBerry Enterprise Service 10 and offers the same device server and network security that is offered to standard BlackBerry smartphones, and covers both data-at-rest and data-in-transit.
The Enterprise 10 server can be downloaded for free; however, an annual client access license for Secure Work Space is expected to cost around $99 per year per device. Given that some 200 million employees are expected to bring their own mobile devices to work by 2016, this is a major market we’re talking about. This is an interesting move by BlackBerry, and we’re going to have to wait and see how it plays out.