Producer and Former Apple Exec Wants Femtocells at ‘Fun Home’

But the hacking risk is cause for concern

Imagine one of these in the lobby of a Broadway theater- that's what one producer and former Apple exec wants. (Flickr)

Imagine one of these in the lobby of a Broadway theater- that’s what one producer and former Apple exec wants. (Flickr)

Scott Forstall, an Apple executive who left the company in 2012 because his abrasive personality created conflicts with management, is now a Tony-winning producer. The former Silicon Valley bigwig put money into Fun Home, which last night won five Tony Awards, including Best Musical. Mr. Forstall, who told the Wall Street Journal that he has long been interested in the intersection of theater and technology, helped out with digital marketing and negotiated the show’s partnerships with Uber and Yelp.

One of Mr. Forstall’s suggested innovations, however, might not be the fail-safe method he hopes it is. To overcome the hurdle that many Broadway theaters (including the Circle in the Square, where Fun Home is playing) have terrible cell phone service, Mr. Forstall wants to bring mini-cell towers, otherwise known as femtocells, into the theater lobby so audience members can spread the word about the show on social media (though he said he agrees with conventional theater policy to turn off cell phones during the show).

Before he gets too gung ho, however, there are practical risks to femtocells that Mr. Forstall should consider.

On principle femtocells are a lot like regular cell towers, at least from the phone’s perspective- the mobile device always connects with the strongest nearby signal, whether it’s a regular cell tower or a femtocell.

But there are some crucial differences which make femtocells more risky. Femtocells, signal booster relays which can be bought at Verizon for $250, can be used to intercept phone calls, text messages and data from any device connected to it. Any phone which is within 40 feet of a femtocell is automatically connected to the device—there is no choice whether or not to join, unlike on a Wi-Fi network.

Researchers from iSec Partners, an information security firm, proved this by tapping into two femtocells. They intercepted audio off an iPhone, and they were also able to trick iMessage (which normally encrypts text messages so the NSA can’t read them) into defaulting to SMS (unencrypted plain text) so they could retrieve the texts.

Some femtocells can also “clone” cell phones by remotely collecting the device ID number so the network thinks both phones are the same device— hackers can make phone calls or use data, and the usage is all charged to the victim (admittedly such attacks are rare- the risk of eavesdropping is greater than that of cloning).

Verizon now offers a patch to affected femtocells, and other wireless carriers have released signal boosters which require an extra level of authentication. The iSec researchers also want carriers to require femtocell owners to provide a list of devices approved to join their network, to prevent unauthorized access.

But given the many dangers inherent in femtocell use, it’s not a good idea to stick one in a Broadway lobby. Anyone who wants to use their phones to discuss Fun Home should wait until they get outside the theater— that way the good buzz Mr. Forstall so craves won’t be trolled by hackers.