Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins [telecom]

Subscribers using wireless calls wide open to attack

By Thomas Claburn in San Francisco

Boffins from Michigan State University in the US and National Chiao Tung University in Taiwan have found that the Wi-Fi calling services offered by AT&T, T-Mobile US, and Verizon suffer from four security flaws that can be exploited to attack mobile phone users, leaking private information, harassing them, or interfering with service.

In a research paper distributed through preprint service ArXiv on Thursday, eight computer scientists - Tian Xie, Guan-Hua Tu, Bangjie Yin, Chi-Yu Li, Chunyi Peng, Mi Zhang, Hui Liu, and Xiaomin Liu - dismiss existing Wi-Fi calling security mechanisms. They say that defenses like storing private keys on SIM cards, 3GPP Authentication and Key Agreement, IPSec for call signaling and voice/text packets, and switching to cellular networks to defend against Wi-Fi denial of service attacks fall short.

formatting link

Reply to
Bill Horne
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.