Subscribers using wireless calls wide open to attack
By Thomas Claburn in San Francisco
Boffins from Michigan State University in the US and National Chiao Tung University in Taiwan have found that the Wi-Fi calling services offered by AT&T, T-Mobile US, and Verizon suffer from four security flaws that can be exploited to attack mobile phone users, leaking private information, harassing them, or interfering with service.
In a research paper distributed through preprint service ArXiv on Thursday, eight computer scientists - Tian Xie, Guan-Hua Tu, Bangjie Yin, Chi-Yu Li, Chunyi Peng, Mi Zhang, Hui Liu, and Xiaomin Liu - dismiss existing Wi-Fi calling security mechanisms. They say that defenses like storing private keys on SIM cards, 3GPP Authentication and Key Agreement, IPSec for call signaling and voice/text packets, and switching to cellular networks to defend against Wi-Fi denial of service attacks fall short.