Vodafone Hacked – Root Password published

Vodafone Hacked – Root Password published

The Hacker’s Choice (http://www.thc.org) announced a security problem with Vodafone’s Mobile Phone Network today.
An attacker can listen to _any_ UK Vodafone customer’s phone call.
An attacker can exploit a vulnerability in 3G/UMTS/WCDMA – the latest and most secure mobile phone standard in use today.
The technical details are available at http://wiki.thc.org/vodafone.
THC was not immediately available for comments but an associated member of the group commented that ‘the problem lies within Vodafone’s Sure Signal / Femto equipment’.
A Femto Cell is a tiny little home router which boosts the 3G Phone signal. It’s available from the Vodafone Store to any customer for 160 GBP.
THC managed to reverse engineer – a process of revealing the secrets – of the equipment. THC is now able to turn this Femto Cell into a full blown 3G/UMTC/WCDMA interception device.
Eduart Steiner, Senior Security Researcher, explains the details to us:
“A Femto is linked to the Vodafone core network via your home Internet connection. The Femto uses this access to retrieve the secret key material of a Vodafone customer who wants to use the Femto.”
“The Femto can only be used by the person who purchased the femto. At least that is what Vodafone tells you.”
THC found a way to circumvent this and to allow any subscriber – even those not registered with the Femto – to use the Femto. They turned it into an IMSI grabber.”
“The second vulnerability is that Vodafone grants the femto to the Vodafone Core Network HLR /AuC which store the secret subscriber information. This means an attacker with administrator access to the Femto can request the secret key material of a UK Vodafone Mobile Phone User”.Vodafone logo
This is exactly what happened. The group gained administrator access to the Femto. An attacker can now retrieve the secret key material of other Vodafone customers.
This secret key material enables an attacker to listen to other people’s phone calls and to impersonate the victim’s phone, to make phone calls on the victim’s cost and access the victim’s voice mail.
The easiness at how fast THC was able to get to these secrets is shocking. “This is clearly a design flaw by Vodafone.” says Eduart Steiner. “It is disgusting to see that a major player like Vodafone chooses ‘newsys’ as the administrator password, thus allowing anyone to retrieve secret data of other people”.
In light of recent the Phone Hacking Scandal involving the News of the World the question has to be asked if Vodafone should be held liable for not protecting their customers adequately.
Who is liable if the brakes on my car malfunction? The drive or the manufacture? Or the guys who tell us how insecure they are?
Vodafone was not available to comment.
There’s an update from vodafone.co.uk, you can see at comments section below.
(Visited 828 times, 1 visits today)

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • Hello,
    I just wanted to pop on here to let you know that you can now see our statement regarding this here: http://goo.gl/zCfG2
    Kind regards,
    Web Relations Team
    Vodafone UK

    • v4L

      Thank you Jenny for your confirmation 🙂