Voda: Femtocell phone-hacking vuln was fixed in 2010
News International scandal stirs interest in old backdoor
Vodafone said that claims of a vulnerability involving its femtotell base station technology relate to a flaw it fixed a year ago.
Security shortcomings in Vodafone's femtocell signal booster technology create a possible means for hacker to intercept calls or impersonate users that connect via a compromised device, The Hacker's Choice (THC) claims. THC claims to have reverse-engineered allegedly insecure base station kit, so turning hacked femtocells into an interception device in the process. The bug ultimately stems from default root passwords on a insecure device console.
The research was first published in a blog on Tuesday, rapidly reaching notoriety in the process. In a statement, Vodafone said that the underlying security bug was actually fixed as long ago as last year.
Overnight on July 12, a claim appeared that hackers had found security loopholes in Vodafone Sure Signal which could compromise the security of Vodafone's network. This is untrue: the Vodafone network has not been compromised.
The claims regarding Vodafone Sure Signal, which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes. As a result, Vodafone Sure Signal customers do not need to take any action to secure their device. We monitor the security of all of our products and services on an ongoing basis and will continue to do so.
It seems that the flaw involve relates to a bug publicised at the time that has since become more noteworthy – partly because of the ongoing News International voicemail hacking scandal. THC's website was private last year, but opened up to the public earlier this week. ®
Post story. Wait for someone to check the facts for you later.
"...the Vodafone network has not been compromised [that we know of, but if we did know it had been compromised we would definitely tell you, honest!]"
There fixed it for you.
The OP reflashed his device and took the geoloc components out completely!
He stated that he had recently tok his device to france and set it up in paris and it worked.
Another commentor mentioned that VF now check packet latency and if it too big they cut you
off so no trips to .au folks.
The problem with such simplistic barriers is this device is NFG for anyone who gets thier internet via a RF relay (such as some folks in the highlands).
Also how does an update get to a box that has been reflashed with a new/modified O/S?
VF should hire more techs and less PR staff.