Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security Cellphones Communications United Kingdom IT

Vodafone Femtocells Rooted, Secret Keys Exposed 77

Posted by timothy
from the password-too-weak-try-another dept.
AmiMoJo writes "Hackers have discovered the root password for Vodafone femtocells, devices that provide the user with a mobile phone signal piggybacked onto their home broadband. The root password was 'newsys.' Once root access is obtained, phones can be forced to connect to the cell and private keys captured, allowing the user to spoof the victim's phone and potentially make calls or send texts on their account, not to mention eavesdrop."
This discussion has been archived. No new comments can be posted.

Vodafone Femtocells Rooted, Secret Keys Exposed

Comments Filter:
  • End-to-end (Score:4, Funny)

    by bWareiWare.co.uk (660144) on Friday July 15, 2011 @05:42AM (#36772928) Homepage
    Why dose having root on any cell, let alone a femtocell give you the ability to impersonate and eavesdrop? They should be simply forwarding the encrypted streams to/from Vodaphone they have no need to interpret or modify them. In fact it would have been trivial to design a phone system where even the operators can't eavesdrop, encrypting each call with the receiver's public key. The first time you rang a new number you would have to trust you were getting the correct public-key, but any abuse would be easy to detect and prove. This would mean that voice-mail etc. was only accessible with the original SIM, but that may not be too much of a compromise! You could still require that any phone connecting to the network submits its private keys to law enforcement.
  • Re:old news (Score:3, Funny)

    by naranek (1727936) on Friday July 15, 2011 @05:45AM (#36772938)

    So I guess the old root password was 'sys'

There is no distinction between any AI program and some existent game.

Working...