[ISN] Vodafone Sure Signal femto flaws could enable widespread phone hacking

From: InfoSec News <alerts_at_private>
Date: Fri, 15 Jul 2011 02:15:06 -0700 (MST)

By Phil Muncaster
14 July 2011

Self-styled security research collective The Hacker's Choice has 
revealed flaws in Vodafone's Sure Signal femtocell product which it 
claims could allow hackers to listen to other Vodafone UK users' calls, 
access their voicemails and even make calls via the victim's phone.

The revelations come as media mogul Rupert Murdoch's empire comes under 
increasing pressure as cases of alleged widespread voicemail hacking by 
News International journalists continue to come to light.

The Hacker's Choice explained in a blog post and more fully in a wiki 
entry that it had managed to reverse-engineer the equipment, which acts 
as a home router to boost a mobile phone's 3G signal when indoors, and 
turn it into a "full blown 3G/UMTC/WCDMA interception device".

The group said that it found two main flaws. The first allows anyone, 
not just registered customers, to use the femtocell device. The second 
turns it into an International Mobile Subscriber Identity grabber for 
any phone within 50 metres.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
Received on Fri Jul 15 2011 - 02:15:06 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 15 2011 - 02:21:46 PDT