As phone systems have evolved over time, the desire to break them and exploit their usage continues to flourish. Just recently, [The Hacker’s Choice (THC)] announced that they had accessed secure data from Vodafone’s mobile phone network last year, via their femtocell product.
The purpose of the femtocell is to extend mobiile network coverage to locations where reception might not be ideal, routing calls to Vodafone’s network via IPSec tunnels. [THC] knew that this meant the femtocells required a high-level of interaction with the carrier’s traditional mobile network, so they started poking around to see what could be exploited.
After gaining administrative access to the femtocell itself using the root password “newsys”, they found that they were able to allow unauthorized users to utilize the service – a simple ToS violation. However, they also had the ability to force any nearby Vodafone subscriber’s phone to use their femtocell. This enabled them to request secret keys from Vodafone, which they could then use to spoof calls and SMS messages from the victim’s phone without their knowledge.
They have been kind enough to release all of the pertinent information about the hack on their wiki for any interested parties to peruse. Now we’re just wondering how long it takes before stateside carriers’ femtocells are exploited in the same fashion.
[Thanks, kresp0]
eesh! this could be pretty bad news if the AT&T femtocells get the same treatment.
But what color is the box that I use to do it?
Check this story on the register:
http://www.theregister.co.uk/2011/07/14/voda_dismisses_femtocell_base_station_hack/
god damnd old! THC is presenting stuff from 2009.
LAAAME !
I hope that ATT does get hit with this, it would put a nice big smile on my face if they get some problems and have any difficulty what so ever with this exploit.
Anyone notice the Vodafone ad below this article! ;)
LONG LIVE #ANTISEC!!!
Nice, but I want GSM/UTMS -> hacked femtocell -> VoIP
50£ for a Vodafone Sure Signal, anyone buying one?
Yeah, this is old news and was patched months ago. The ‘gaining root access’ pieces are sound but any risk to Voda’s network is overstated at best.
Wow a trusted source MITM attack. Color me impressed :P
1974 called and wants its “hack” back.
its cool
The diagram is wrong; The HLR is interfaced with the SGSN via the Gr interface for MAP signalling, not the GGSN!!
http://www.theregister.co.uk/2011/07/14/voda_dismisses_femtocell_base_station_hack
were can I find the patch umts_sniffer