A security flaw has been identified in Vodafone's Sure Signal femtocells, which are designed to boost 3G signals in the home, that would allow hackers to listen to phone calls.
The £160 femtocell box is plugged into an internet connection in the home and improves the 3G signal, eliminating annoying patches where there's no coverage. However, The Hacker's Choice reverse engineered the device and managed to turn it into an interception device.
"The Femto can only be used by the person who purchased the femto. At least that is what Vodafone tells you," Eduart Steiner, senior security researcher, said on The Hacker's Choice blog.
"THC found a way to circumvent this and to allow any subscriber - even those not registered with the Femto - to use the Femto. They turned it into an IMSI grabber. The attacker has to be within 50m range of the UK Vodafone customer to make the customer's phone use the attacker's femto."
As a result, THC said the flaw means hackers would be able to "listen to other people's phone calls and to impersonate the victim's phone, to make phone calls on the victim's cost and access the victim's voice mail".
Vodafone said the flaw relates "to a vulnerability that was detected at the start of 2010".
"A security patch was issued a few weeks later automatically to all Sure Signal boxes. As a result, Vodafone Sure Signal customers do not need to take any action to secure their device," Vodafone said on its website.
"We want to reassure our customers that the Vodafone network has not been compromised. We monitor the security of all of our products and services on an ongoing basis and will continue to do so."