14 Jul 2011

Vodafone devices vulnerable to attack

While new revelations continue to surface regarding cell phone hacking done by the British tabloid News of the World, The Hacker's Choice, a group devoted to exposing computer security threats, recently announced it discovered a critical vulnerability affecting Vodafone's United Kingdom Mobile Phone Network.

According to THC, hackers could easily exploit Femto Cells, which are small routers used to boost Vodaphone mobile device signals. The Femto links to a user's home internet, where it collects confidential information unique to the user before connecting to the Vodaphone network.

Femtos are registered to individual users, but THC hackers say they discovered administrator access to every Femto is protected by the same password: newsys. THC says it was able to unlock Femtos, after which any Vodaphone customer using a handset within 50 meters of the open Femto could be victimized. Attackers could listen in on phone calls, access other people's voicemail and make calls billed to other subscribers' accounts. Using their administrator access, THC alleges it was also able to infiltrate the Vodafone Core Network where user data is stored.

Recent reports indicate cyber criminals are increasingly targeting mobile devices, which users are less diligent about protecting than home computers.