UK Mobile Network Actually Hacked
Whereas the News Of The World Phone ‘Hacking’ scandal was really about dodgy opportunists working for News International who dialled into other people’s mobile voicemail using default passwords, there is news across the internet today that core network components of the UK Vodafone 3G network have actually been hacked. First spotted on web blog The Hackers Choice and tweeted by @Nissemus, some intrepid souls have taken apart a Vodafone Sure Signal box. This device is known in the industry as a Femtocell; a miniature mobile base station which connects to the Vodafone network via the internet. It is sold by Vodafone as a solution for people who have internet at home but no mobile signal. Now, by making some modifications to the box and with some knowledge of Linux and networking, the box can be used to capture details of other people’s mobile phones and further to use that data to request data from the Vodafone core. An unscrupulous hacker could then make calls or send SMS messages using those details without having access to the actual mobile phone of the user concerned, along with other listed exploits. Worst still, the underlying paranoia of the recent “phone hacking scandal” headlines becomes real – the hacker could listen to and record the phone calls of any mobile subscriber trapped in this way. 3G networks have always been assumed to be the most secure with all traffic highly encrypted using keys; keys that would now be available using the methods described.
So far there has been little comment outside of the anorak networks but given the appetite for mobile-hacking-related panic fodder, this story is likely to grow quickly. Unlike the voicemail problem, this does actually have a basis in technical reality as an actual ‘hacking’ exploit. Vodafone are yet to comment but one would hope that a simple password change at the core and careful monitoring of network requests from Sure Signal boxes would limit the potential for mischief. Still, with the advent of mobile payment solutions, this is not the time for any doubts about the security of commercial mobile networks !
- How phone hacking worked and how to make sure you’re not a victim (nakedsecurity.sophos.com)
- News of the World Hacking Scandal: Are the 9/11 Rumors Credible? (swampland.time.com)
- Cartoon: Sweeping Things Under The Carpet (englishblog.com)