Modern cellular networks can generally be counted on for fairly good security, which is why it was shocking to read that hackers were able to rewrite the software in Vodafone Sure Signal femtocells allowing them to be used to record any voice call made through them. Not only that, the hacked femtocells could then be used to place calls or send SMS messages on somebody else's SIM card once their phone is registered with the hacked femtocell.
According to The Hacker's Choice (THC), the exposure stems from the fact that all the Vodafone femtocells use the same root password. Based on that, the culprits were able to access the core software of the device and rewrite it; the details are provided on their Wiki.
This was not a simple project. There are a number of safeguards on the femtocells, including one that would allow Vodafone to access and disable it remotely. The function was hardware based, but they claim to have been able to thwart it with a soldering iron.
In a press release issued July 13, Vodafone says, "The claims regarding Vodafone Sure Signal...relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes."
We’ll be watching this story as it develops.
