Vodafone Femtocells Rooted, Secret Keys Exposed

AmiMoJo writes "Hackers have discovered the root password for Vodafone femtocells, devices that provide the user with a mobile phone signal piggybacked onto their home broadband. The root password was 'newsys.' Once root access is obtained, phones can be forced to connect to the cell and private keys captured, allowing the user to spoof the victim's phone and potentially make calls or send texts on their account, not to mention eavesdrop."

End-to-end

[bWareiWare.co.uk]

Why dose having root on any cell, let alone a femtocell give you the ability to impersonate and eavesdrop? They should be simply forwarding the encrypted streams to/from Vodaphone they have no need to interpret or modify them. In fact it would have been trivial to design a phone system where even the operators can't eavesdrop, encrypting each call with the receiver's public key. The first time you rang a new number you would have to trust you were getting the correct public-key, but any abuse would be easy to detect and prove. This would mean that voice-mail etc. was only accessible with the original SIM, but that may not be too much of a compromise! You could still require that any phone connecting to the network submits its private keys to law enforcement.

Re:old news

[naranek]

So I guess the old root password was 'sys'