Femtocell devices for hacking still widely sold online

“There is a specific route to avoid detection. We have been selling this for 10 years without any issues.”

Reporters from The Dong-A Ilbo received this response on Sept. 22 when they asked a Hong Kong seller of “fake base stations” if the equipment could be brought into South Korea without detection by customs. The devices, which take the form of small base stations called femtocells, were recently used by Chinese suspects in the KT micro-payment case to steal subscriber information. The seller even revealed past sales to Korean buyers and confidently claimed the equipment could reach South Korea within seven to 10 days.

Amid a series of personal data breaches, including the KT micro-payment case and hacks involving SKT and Lotte Card, a check of Chinese online marketplaces by The Dong-A Ilbo on Sept. 22–23 found that femtocell devices similar to those used in these cases remain openly for sale. The devices are publicly traded for at least $10,000 in regular online spaces, not only on the “dark web,” and could be used for hacking.

Vendors claim the devices can forcibly capture mobile phone frequencies within a 5-kilometer range, enabling them to intercept device information. Crimes involving femtocells have been reported in China for over a decade.

Experts warn that the devices could be easily used in South Korea. Kang Min-seok, a KAIST computer science professor, said, “With only minor adjustments, these devices could operate domestically, making security management urgent.” Beyond femtocells, hacking tools and hacking-for-hire services are widely available on the dark web, raising concerns that South Korea is becoming a playground for hackers.


정서영 cero@donga.com