This presentation deals with femtocells – small, low-power cellular base stations, typically designed for use in a home or small business, that are now being introduced to service LTE customers all over the world.
We will cover methodologies for auditing femtocell devices: ways to get the device firmware, how to analyze it, and how to find vulnerabilities in it. We will also look at how we can MITM the device to expose SMS, voice, and call data packets sent and received through the exposed femtocell.
In addition, I will cover how to reach the femtocell management interface via the femtocell itself and release a few femtocell-related 0-days, including:
– Device Remote Code Execution
– HeMS Server RCE (bypass admin session)