Vodafone femtocells hacked, root password revealed

vodafone_femtocell_network_diagram

As phone systems have evolved over time, the desire to break them and exploit their usage continues to flourish. Just recently, [The Hacker’s Choice (THC)] announced that they had accessed secure data from Vodafone’s mobile phone network last year, via their femtocell product.

The purpose of the femtocell is to extend mobiile network coverage to locations where reception might not be ideal, routing calls to Vodafone’s network via IPSec tunnels. [THC] knew that this meant the femtocells required a high-level of interaction with the carrier’s traditional mobile network, so they started poking around to see what could be exploited.

After gaining administrative access to the femtocell itself using the root password “newsys”, they found that they were able to allow unauthorized users to utilize the service – a simple ToS violation. However, they also had the ability to force any nearby Vodafone subscriber’s phone to use their femtocell. This enabled them to request secret keys from Vodafone, which they could then use to spoof calls and SMS messages from the victim’s phone without their knowledge.

They have been kind enough to release all of the pertinent information about the hack on their wiki for any interested parties to peruse. Now we’re just wondering how long it takes before stateside carriers’ femtocells are exploited in the same fashion.

[Thanks, kresp0]

Vodaphone ringtone music commercial

When we first saw Vodaphone’s ringtone commercial where 1000 cell phones perform a section of the William Tell overture, we just assumed it was some slick video editing, not to be taken seriously. Apparently, we were wrong. They actually did this. They actually sent text messages to all the phones in correct timing to play the music.  In the video after the break, you can see some details on how they pulled it off. They had to perform this during non peak usage hours to ensure that all their texts went through. We think this project is pretty impressive. Actually, we still don’t know how they pulled it off, we can’t seem to predict how long a text message will take to reach its destination with any kind of reproducible accuracy.

[Read more...]

Follow

Get every new post delivered to your Inbox.

Join 96,322 other followers