Vodafone says femtocell safe, despite hacker claims

Last week The Hacker’s Choice (THC), an independent security research group, claimed that Vodafone’s (London, England) mobile network was not secure from hackers.

According to THC’s blog, there is a problem with Vodafone’s Sure Signal femtocell, which uses broadband to give 3G mobile phones better coverage when indoors. THC claims that it can turn the femtocell into an interception device to listen to, and record conversations, as long as the femtocell is within 50 meters of the mobile phone.


Last week The Hacker’s Choice (THC), an independent security research group, claimed that Vodafone’s (London, England) mobile network was not secure from hackers.

According to THC’s blog, there is a problem with Vodafone’s Sure Signal femtocell, which uses broadband to give 3G mobile phones better coverage when indoors. THC claims that it can turn the femtocell into an interception device to listen to, and record conversations, as long as the femtocell is within 50 meters of the mobile phone.

In response to these claims, Vodafone released a statement saying that its network has not been compromised, and that this vulnerability had been detected and fixed at the beginning of 2010.

“A security patch was issued a few weeks later automatically to all Sure Signal boxes,” Vodafone said in a statement. “As a result, Vodafone Sure Signal customers do not need to take any action to secure their device. We monitor the security of all our products and services on an ongoing basis and will continue to do so.”

In its blog, THC said Vodafone did not fix the core problem; only the way THC gained administrator access to the femtocell. The group goes on to say that the only secure way to fix the problem would be to redesign the femtocell.

In response Vodafone released a second statement stating that, “The only time a customer could theoretically have been at risk was if they were registered on, and within 50 meters of, a box which the owner had tampered with. This would have required that person to dismantle the device and solder additional components onto it, as well as taking the conscious decision to prevent the device from receiving our automatic software updates.”

THC still maintains that Vodafone’s network had been compromised, and claims that it had obtained private information from the core Vodafone network from customers who did not have or were not registered to a femtocell.