Reports on Thursday suggest that research claim to have discovered that Vodafone's Sure Signal femtocells can be adopted to listen to mobile phone calls and to intercept text messages. The Vodafone Sure Signal system, which costs as little as £50, is designed to increase mobile phone coverage in areas that gain very low mobile receptions. It is believed the system could have been jeopardised for more than three years prior to the latest research.
Researchers have found that hackers could have used the femtocells to hijack any mobile phone number, make calls and send SMS messages from the number they had access to. In addition to listening to mobile calls, the modified device could be used for call fraud - meaning the victim would foot the bill for any calls or SMS messages sent from their device without their knowledge The Hackers Choice (THC) said on Thursday.
Researchers said: "THC is now able to turn this femtocell into a full-blown 3G/[UMTS]/W-CDMA interception device," the group said in a blog post. "Once you have root access to the internal Linux that drives the femtocell, you can do all the attacks that we described," Steiner told ZDNet UK.
The technology has become very popular with cell phone companies especially in the U.S. with companies like AT&T rolling the device out nationwide. Due to a flaw in the new Vodafone system, it gave full access to the network to the femtocell, a device the hackers had full control of.
THC, which was set up in Germany in 1995, first started researching Sure Signal femtocells in August 2009. It halted this research on 14 July, 2010 and decided not to publish its results immediately, in part to give Vodafone time to come up with a solution, according to Steiner. Vodafone may have fixed the loophole that let THC gain root access, Steiner said, but he did not know for certain. There are other known ways to get that access, the researcher added.
The latest news about the hacking of Vodafone Sure Signal comes as U.K. and U.S. security services continue to probe the phone hacking scandal that has engulfed News Corp. The F.B.I are launching an investigation on the back of reports in the Daily Mirror that 9/11 victims voicemails were hacked in a similar way to how hackers broke the security system on the Vodafone Sure Signal system. Rebekah Brooks could come under investigation in the U.S. as she was the Editor of the News of the World at the time. Senator Barbara Boxer has warned that Murdoch, who owns Fox TV in the U.S., risks having his media licence removed if such hacking can be proved.
The allegations surfaced in the Daily Mirror on Monday claiming that an unnamed former New York police officer was offered money by News of the World journalists to retrieve private phone records of dead victims - particularly British born victims. As the phone hacking scandal grows with every day researchers have warned that other security flaws in Vodafone Sure Signal could be discovered.
Vodafone claim they have fixed the fault.