The Hacker’s Choice (http://www.thc.org) announced a security problem with Vodafone’s Mobile Phone Network today. Using standard consumer hardware, THC was able to access Vodafone’s internal network and customer equipment. An attacker can listen to UK Vodafone mobile phone calls.This unprecedented hack was made possible by Vodafone’s Sure Signal, a femtocell (think tiny cell tower) customers plug into their home internet connections for better cell reception.
The technical details are available at http://wiki.thc.org/vodafone.
THC purchased its femtocell from Vodafone UK and examined how the device communicated to Vodafone’s core network. They discovered that because of a flaw in how Vodafone implemented its system, it gave full access to the network to the femtocell, a device the hackers had full control of. Vodafone also used the same ‘newsys’ administrator password across all devices.
Vodafone says only a limited number of registered phones are allowed to access each customer’s femtocell.