Small Cell, Big Risk: A Security Assessment of 4G LTE Femtocells in the Wild
Yaru Yang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · AI & Web Security
As mobile networks evolve and data demand surges, operators have turned to **femtocells** -- small, low-cost base stations designed for indoor deployment in homes and offices -- to extend cellular coverage. But this convenience comes with a dramatic shift in the trust boundary of cellular infrastructure. Unlike traditional macro base stations protected by physical isolation and dedicated links, femtocells sit in user-accessible environments, connect to the core network over the public internet, and can be purchased on the secondhand market for as little as **$10 USD**. This talk presents a systematic security assessment of commercial **4G LTE femtocells**, revealing five common vulnerability classes across six (later eight) commercial devices from different vendors, demonstrating real-world attack impact on both user equipment and core network integrity, and conducting an internet-scale measurement that identified over **86,000 suspected femtocells** globally -- hundreds of which matched the fingerprints of known vulnerable models.
AI review
A thorough, hands-on security assessment of commercial 4G LTE femtocells that reveals five vulnerability classes across eight devices from different vendors, demonstrates practical SMS/call/data interception, and backs it up with an internet-scale scan finding 86,000+ exposed devices. This is real-world offensive research with tangible impact on 3GPP standards.