Vodafone has issued a statement about the security of the Vodafone Sure Signal femtocell, which is available in the UK to boost signal strength indoors.
On Wednesday last week a security group called The Hacker’s Choice said it had managed to reverse-engineer the equipment, enabling a modified femtocell to intercept calls made by Vodafone customers within 50 metres of the rogue device. A second vulnerability apparently enabled the hacker to impersonate the victim’s mobile phone, making calls on their account and accessing their voicemail.
Vodafone says a security patch was issued in February 2010 to protect against a vulnerability that had been discovered earlier that year. A ‘handful of devices’ still running software that predated the patch have now been disabled remotely.
It also says “The only time a customer could theoretically have been at risk was if they were registered on, and within 50 metres of, a box which the owner had tampered with. This would have required that person to dismantle the device and solder additional components onto it, as well as taking the conscious decision to prevent the device from receiving our automatic software updates.”