Vodafone, Optus Femtocell trials not impacted by UK vulnerability

Posted on July 15, 2011 at 4:45 pm

The two Australian telecommunication providers offering Femtocell products to customers have today confirmed that their devices are not vulnerable to a hack which had the potential to allow anyone to listen to voice calls.

Update: To clarify, it’s the Vodafone device which had the vulnerability, not the 3G, UMTS and WCDMA standard.

Femtocell devices have been used by telecommunication companies around the world for some time, and work by using a home or office fixed-line broadband connection to extend a 3G signal in areas where coverage may be poor.

However, a hack discovered by website The Hacker’s Choice has brought into question the security of using such devices, with the group discovering a vulnerability in Vodafone UK’s “Sure Signal” Femtocell device which could potentially allow anyone to listen in on voice calls within the vicinity of the device.

The hack exploited a vulnerability in the Vodafone Femtocell device, which uses the 3G, UMTS and WCDMA standard. By reverse engineering the software running on the device, the group was able to turn a normally functioning Femtocell into an “interception device”.

“A Femto is linked to the Vodafone core network via your home Internet connection. The Femto uses this access to retrieve the secret key material of a Vodafone customer who wants to use the Femto,” the group explained today.

“THC found a way to… allow any subscriber – even those not registered with the Femto – to use the Femto. They turned it into an IMSI [International Mobile Subscriber Identity] grabber. The attacker has to be within 50m range of the UK Vodafone customer to make the customer’s phone use the attacker’s femto.”

However, this morning Vodafone UK released a statement confirming that the company had been aware of the vulnerability for some time and had taken action in early 2010 to rectify the problem.

“The claims regarding Vodafone Sure Signal, which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes,” a Vodafone UK spokesperson said.

“As a result, Vodafone Sure Signal customers do not need to take any action to secure their device.”

Recently, two Australian telco providers began trialling the devices, with Optus launching a limited consumer trial in select areas of New South Wales and Queensland earlier in the year and Vodafone quietly launching their own Femtocell trial program for businesses around the same time.

Vodafone Hutchison Australia confirmed this afternoon that customers involved in their Femtocell program are not impacted by the vulnerability, while an Optus spokesperson said that their “3G Home Zone” customers use a different version and network configuration that isn’t susceptible to the exploit.

“Optus takes the security of its network and customers very seriously. We have a number of measures in place at a device and network level to ensure a high level of security for its network and customers during its Femtocell rollout,” an Optus spokesperson mentioned.

“The product version and network configuration described in the claims are not being used in Optus’ current Femtocell trial.”

Telstra doesn’t offer a Femtocell device for consumers or business, claiming that the devices belong in the “dumb-idea-of-the-week category”.
