Slashdot Mirror


Vodafone Femtocells Rooted, Secret Keys Exposed

AmiMoJo writes "Hackers have discovered the root password for Vodafone femtocells, devices that provide the user with a mobile phone signal piggybacked onto their home broadband. The root password was 'newsys.' Once root access is obtained, phones can be forced to connect to the cell and private keys captured, allowing the user to spoof the victim's phone and potentially make calls or send texts on their account, not to mention eavesdrop."

10 of 77 comments

  1. old news by shortscruffydave · · Score: 4, Insightful
    1. Re:old news by EdZ · · Score: 3, Informative

      They 'fixed' it by changing the default password, not by preventing the devices from sniffing and decrypting data from passers-by. Break the new password, and the attack still works as before.

    2. Re:old news by naranek · · Score: 3, Funny

      So I guess the old root password was 'sys'

      --
      Only dumb birds land downwind.
    3. Re:old news by kyz · · Score: 2

      http://thcorg.blogspot.com/2011/07/vodafone-hacked-root-password-published.html

      "What we have seen is that Vodafone fixed the way THC gained administrator access to the femto.

      This of course does not fix the core of the problem: The femto transfers key material from the core network right down to the femto."

      --
      Does my bum look big in this?
    4. Re:old news by Timmmm · · Score: 2

      Because authentication is done on the SIM card. When GSM was created I doubt they were capable of public key cryptography.

  2. Vodafone = Bad by improfane · · Score: 3

    I can't say I am surprised.

    Vodafone are a terrible company. They are one of the most expensive in the UK. They gouge me. I am changing as soon as I can. They claim to offer unlimited texts but if you send a text that is bigger than 160 characters, they charge you. They also don't pay taxes in the UK, they owe 4.8 billion in taxes but our government decided 'to let it go'.

    Now in the UK we're facing cuts to public services, education, electricity rises. I'm not bitter. Vodafone is a bad business. You should change from them and warn people of the same. Didn't they have something to do with Egypt censorship too?

    Their website is also littered with Java exceptions.

    Vodafone = Incompetent

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  3. Not a big thing... by SonOfSengaya · · Score: 2
    --
    My spirit takes a journey through my mind...
  4. Re:Streisand by rbrausse · · Score: 2

    According to this press release they reacted. Last year. With an update.

    Even THC's wikipage claims that the project was ended mid-2010 because of "too much fun with other things". This hack is very interesting, but more for historical reasons and not because everyone is now vulnerable.

  5. End-to-end by bWareiWare.co.uk · · Score: 3, Funny

    Why does having root on any cell, let alone a femtocell, give you the ability to impersonate and eavesdrop? They should be simply forwarding the encrypted streams to/from Vodafone; they have no need to interpret or modify them. In fact it would have been trivial to design a phone system where even the operators can't eavesdrop, encrypting each call with the receiver's public key. The first time you rang a new number you would have to trust you were getting the correct public key, but any abuse would be easy to detect and prove. This would mean that voice-mail etc. was only accessible with the original SIM, but that may not be too much of a compromise! You could still require that any phone connecting to the network submits its private keys to law enforcement.

    1. Re:End-to-end by bWareiWare.co.uk · · Score: 2

      As you say, the cells need to be trusted with the routing and hand-off. Obviously the cell can always block/drop/throttle calls but that doesn't mean you should trust them with everything.
      To place a call on behalf of a mobile should require a time-limited signed token from the mobile's SIM. Once the call is established it makes no difference if you are routing an unencrypted voice codec or some encrypted data.
      Public-key encryption could simply be used for the initial A5/1 initialization key; the voice data itself can still use a stream cipher.