A reported exploit found in Vodafone UK's femtocell devices that allows people to listen in on 3G voice calls has since been patched, according to the telco.
Femtocells are devices that are connected to a fixed-line home internet connection and allow customers to boost their 3G signal in the home. The devices are designed to be usable only by people who have registered their number on the femtocell.
Security blog The Hacker's Choice earlier this week reported that Vodafone's Sure Signal Femtocell technology, developed by Alcatel-Lucent, had been reverse engineered so that it could be used to access Vodafone's core network and gain information about the telco's customers, and even to listen in on phone calls or impersonate other people's phones.
According to the hacker, Vodafone had used the default administrator password of "newsys", which made access even easier.
Vodafone Australia told ZDNet Australia that the vulnerability, which was discovered by the hackers in 2010, has since been patched.
"The claims regarding Vodafone Sure Signal, which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes," Vodafone said in a statement. "As a result, Vodafone Sure Signal customers do not need to take any action to secure their device."
Vodafone has recently launched a similar femtocell device for businesses; however, it is a different vendor that supplies the technology.
Optus' own femtocell device is of the same brand as the Sure Signal; however, Optus told ZDNet Australia that the brand and software were newer than those the hacker had manipulated.
"The product version and network configuration described in the claims are not being used in Optus' current femtocell trial," Optus said. "We have a number of measures in place at a device and network level to ensure a high level of security for its network and customers during its femtocell roll-out."
The news comes as News Limited CEO Rupert Murdoch last week closed the UK publication News of the World following the revelation that journalists had accessed the voicemail of murder victims and politicians.