
Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling

Jethro Beekman and Christopher Thompson discovered a vulnerability that would allow attackers to eavesdrop on and even modify calls and text messages sent via T-Mobile's "Wi-Fi Calling" feature. The feature, which we estimate is installed on millions of T-Mobile Android smartphones, allows customers to make and receive calls and text messages even when they don't have cellular reception.
They notified T-Mobile of their findings in December 2012 and have worked with Darren Kress, T-Mobile's senior manager for Mobile Assurance and Product Security, to confirm and fix the problem. T-Mobile reports that, as of March 18, all affected customers have received the security update fixing this vulnerability.
Jethro Beekman and Christopher Thompson are current UC Berkeley graduate students in EECS. In the course of our analysis of the Wi-Fi Calling feature, we found that when an affected phone connected to a server via T-Mobile's Wi-Fi Calling feature, it did not correctly validate the server's security certificate, exposing calls and text messages to a "man-in-the-middle" attack. Without this verification, hackers could create a fake certificate and pretend to be the T-Mobile server. This would allow attackers to listen to and modify traffic between a phone and the server, and so to intercept and decrypt voice calls and text messages sent over Wi-Fi Calling.
The simplest way to become a man-in-the-middle would be for the attacker to be on the same open wireless network as the victim, such as at a coffee shop or other public space.
To discover and implement the attack, we reverse engineered the Wi-Fi Calling feature, which uses a standard voice-over-IP protocol (SIP) over an encrypted connection (TLS).
The update to fix this vulnerability, which we have independently verified, is now included with T-Mobile's Wi-Fi Calling application.
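
The certificate check described above comes down to two client-side settings: validating the certificate chain and matching the certificate against the server name. The following Python sketch is an added example, not code from the report or from T-Mobile's application; it shows a client context with both checks disabled next to a hardened one, plus an audit that refuses to connect with a context that skips either check. The function names and the use of port 5061 (the registered SIP-over-TLS port) are assumptions made for the illustration.

```python
import socket
import ssl

SIPS_PORT = 5061  # registered SIP-over-TLS port; the page itself names no port


def insecure_context():
    """The failure mode: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def hardened_context(cafile=None):
    """Validate the chain against trusted CAs and match the server name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means both checks are on."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings


def open_sips(host, port=SIPS_PORT, ctx=None, timeout=5.0):
    """Open a verified TLS connection for SIP; refuse a weakened context."""
    ctx = ctx or hardened_context()
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # The handshake fails here if the certificate does not verify.
        return ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLError:
        raw.close()
        raise
```

A context that validates the chain but has hostname matching turned off still yields one finding, because any valid certificate for any other name would then be accepted.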

Technical Report

Jethro Beekman and Christopher Thompson have made available online a technical report covering the vulnerability and the man-in-the-middle attack in more detail.
