
AT&T's 3G MicroCell 'full of fail' thanks to wide open root access, claims fail0verflow


Hacker group fail0verflow claims to have discovered an easy method for running arbitrary commands with root access remotely on AT&T's 3G MicroCell.


Most AT&T customers don't have to worry about the 3G MicroCell — it's a femtocell, a device designed specifically to create a small cloud of 3G cellular coverage using your wired internet connection, which means you only need it if your home or office doesn't have enough signal to reliably hold calls. For those who do need it, though, it can be a lifesaver and the only thing stopping customers from leaving for another network.

Hacker group fail0verflow — best known for unveiling the PlayStation 3's private key, allowing arbitrary programs to be run by users — has turned its attention to the MicroCell, detailing its findings in a recent blog post. In a word, Cisco (which makes the MicroCell for AT&T) seems to have done some sloppy work securing the device, if fail0verflow's claims are to be believed: it appears that users can connect to the WAN port and run Linux commands with root access without any authentication required whatsoever. Output is automatically directed to a fixed IP (presumably controlled by AT&T), but it's a simple matter to redirect those packets to another computer of the user's choosing. Amazingly, Cisco's command execution operation is said to be called "BackdoorPacketCmdLine."

If you use the MicroCell behind a firewalled router, it's not necessarily a big deal since malicious hackers wouldn't have an easy way to connect to the device remotely. If you use it connected directly to your modem, though, and let the MicroCell pass packets through to your home network — the configuration AT&T recommends for optimal call quality — it could be a bigger concern. fail0verflow hasn't yet detailed what they've been able to do with the capability, but regardless, Cisco and AT&T should be looking to get it patched as quickly as possible.