Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins...

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Subscribers using wireless calls wide open to attack

By Thomas Claburn in San Francisco

Boffins from Michigan State University in the US and National Chiao
Tung University in Taiwan have found that the Wi-Fi calling services
offered by AT&T, T-Mobile US, and Verizon suffer from four security
flaws that can be exploited to attack mobile phone users, leaking
private information, harassing them, or interfering with service.

In a research paper distributed through preprint service ArXiv on
Thursday, eight computer scientists - Tian Xie, Guan-Hua Tu, Bangjie
Yin, Chi-Yu Li, Chunyi Peng, Mi Zhang, Hui Liu, and Xiaomin Liu -
dismiss existing Wi-Fi calling security mechanisms. They say that
defenses like storing private keys on SIM cards, 3GPP Authentication
and Key Agreement, IPSec for call signaling and voice/text packets,
and switching to cellular networks to defend against Wi-Fi denial of
service attacks fall short.

Bill Horne
(Remove QRM from my email address to write to me directly)

Site Timeline