Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

July 15th, 2011, 09:26 GMT · By

Vodafone UK Forces Sure Signal Users to Upgrade Firmware

SHARE:

Adjust text size:


Security update available for Sure Signal
Enlarge picture
A vulnerability that allows hackers to convert a Sure Signal femtocell into a call interception device has prompted Vodafone UK to force all users to perform a firmware upgrade.

The Internet was abuzz yesterday with news about how a group called The Hacker's Choice (THC) published information that would allow people to use modified Sure Signal devices to record other people's phone calls.

Sure Signal is an indoor cellular base station sold by Vodafone UK and designed to boost signal in areas with bad reception.

Such devices are known as femtocells and work by routing communications over broadband connections. They can service a limited number of cell phones over a restricted distance.

It turns out that at the time when THC chose to make its research public, the exploited vulnerability had been patched for over a year.

"The claims regarding Vodafone Sure Signal, which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes," Vodafoke UK said in a statement, according to SlashGear.

Most users have since upgraded their boxes, but to make sure that no one remains vulnerable, Vodafone killed the ability of femtocells with unpatched firmware to connect to its network.

This is the exact solution we suggested yesterday and leaves Sure Signal hackers with two options, either they upgrade or they can't use their device in a meaningful way.

Sony took a similar approach after the PS3 was hacked and its secret key was leaked on the Internet. The company released a patched firmware and prevented consoles from connecting to the PlayStation Network until upgrading.

"We have identified just a handful of devices running software which pre-dates the patch we issued to fix this vulnerability (originally issued in February 2010). These devices will no longer access our network unless they are carrying the most recent software update. Devices will automatically poll for this update upon being powered up," Vodafone UK explained.

TELL US WHAT YOU THINK:

1,544 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Hackers Turn Vodafone Home Cellular Base Station into Call Interception Device
Data Interception Solution for BlackBerry Consumer Services Goes Live in India
Hacker Intercepts Phone Calls at DEFCON

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use