The Hacker's Choice (THC), a group of computer security researchers, released surprising news about cellular carrier Vodafone UK. Using standard consumer hardware, THC was able to access Vodafone's internal network and customer equipment. This unprecedented hack was made possible by Vodafone's Sure Signal, a femtocell (think tiny cell tower) customers plug into their home internet connections for better cell reception.
THC began researching femtocells in 2009. The technology has become popular with cellphone companies like AT&T, which offers a 3G MicroCell, because the home access points mean better service for customers in areas with spotty coverage. THC purchased its femtocell from Vodafone UK and examined how the device communicated to Vodafone's core network. They discovered that because of a flaw in how Vodafone implemented its system, it gave full access to the network to the femtocell, a device the hackers had full control of. Vodafone also used the same 'newsys' administrator password across all devices.
Vodafone says only a limited number of registered phones are allowed to access each customer's femtocell. The hackers were able to uncap this and let any Vodafone customer phone automatically connect to their device. Once a phone connected, THC was able to eavesdrop on phone conversations, place calls as the customer, and even access their voicemail. With phone hacking in the news every day, we wonder what other security flaws are still waiting to be discovered.