Vodafone Sure Signal femto flaws could enable widespread phone hacking

Self-styled security research collective The Hacker's Choice has revealed flaws in Vodafone's Sure Signal femtocell product which it claims could allow hackers to listen to other Vodafone UK users' calls, access their voicemails and even make calls via the victim's phone.

The revelations come as media mogul Rupert Murdoch's empire comes under increasing pressure as cases of alleged widespread voicemail hacking by News International journalists continue to come to light.

The Hacker's Choice explained in a blog post and more fully in a wiki entry that it had managed to reverse-engineer the equipment, which acts as a home router to boost a mobile phone's 3G signal when indoors, and turn it into a "full blown 3G/UMTC/WCDMA interception device".

The group said that it found two main flaws. The first allows anyone, not just registered customers, to use the femtocell device. The second turns it into an International Mobile Subscriber Identity grabber for any phone within 50 metres.

This information could enable a hacker effectively to listen in on the calls and voicemails of any phone within range of the compromised Sure Signal, or make calls appearing to be from that device.

The group also gave details on how to "stop the femto from reporting errors and alarms back to Vodafone" and prevent unwanted updates, as well as removing a "Vodafone tracking backdoor" so that the operator cannot locate any hacked Sure Signal device.

Luis Corrons, technical director at Panda Security, warned that the hack represents a "big problem" for Vodafone, especially given that The Hacker's Choice had been working on it since 2009.

"They could have known about this for over a year," he told V3.co.uk. "The problem is not that these guys knew, but that anyone could have found the same vulnerability or even that this information could have been sold to [cyber criminals]."

At the time of writing Vodafone is aware of the problem and is working on a response.