Security Featured Article

July 14, 2011

Hackers Expose Security Loophole in Vodafone's Network Using Off-the-Shelf Consumer Hardware


A group of hacktivists has exposed a major security flaw that can allow basically anyone to gain full control of select Vodafone UK subscribers’ cellular phones.


The Hackers Choice (THC), a group of computer researchers who work to prevent emerging security problems, was able to use standard consumer hardware to eavesdrop on phone conversations, intercept calls and gain full access to other users’ accounts.

THC said that the security flaw exists in Vodafone’s Sure Signal femtocell, a small home router that boosts 3G reception by acting as a personal cell tower. After purchasing one of these devices directly from Vodafone, the hackers reverse engineered the hardware to turn the femtocell into an interception device.

Basically, THC unlocked the femto so that any user within 50 meters can connect to the device. Once an unsuspecting subscriber gains access to the open femto, hackers can tap into Vodafone’s core network and retrieve the secret key material of other Vodafone customers.

With this information in hand, attackers can not only listen in on personal phone calls but also impersonate another user’s handset. THC claims that the process allows them to access other users’ voicemails and make phone calls at the victim’s expense. The group also said that it is possible to remove the piece of hardware that enables Vodafone to track the location of the device.

In addition, THC found that the same ‘newsys’ administrator password is used across all femto devices.

“This is clearly a design flaw by Vodafone,” senior security researcher Eduart Steiner noted in a THC blog post. “It is disgusting to see that a major player like Vodafone chooses ‘newsys’ as the administrator password, thus allowing anyone to retrieve secret data of other people.”

The Inquirer points out that hackers could deploy an OpenVPN tunnel to impersonate another user’s phone while outside of the femtocell’s range.

Vodafone has yet to respond to the report.




Beecher Tuttle is a TMCnet contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education.

Edited by Jennifer Russell


