Wednesday, May 7, 2025
HomeCVE/vulnerabilityVoice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Published on

SIEM as a Service

Follow Us on Google News

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network.

This technology does so without relying on traditional cellular networks. 

Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality.

- Advertisement - Google News

But, recently, a group of cybersecurity researchers from multiple renowned organizations have identified voice-over Wi-Fi vulnerability that enables threat actors to eavesdrop calls and SMS.

Voice Over Wi-Fi Vulnerability

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication.

On the other hand, VoWi-Fi allows access to cellular network services without having traditional radio access networks which helps enhance the coverage for users and potential cost savings for operators.

However, many operators continue to use deprecated and weak Diffie-Hellman (DH) groups, fail 3GPP specifications, and share private keys across continents, leading to security concerns.

VoLTE compared to VoWiFi over an untrusted Internet connection (Source – CISPA)

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions.

Security practices in VoWiFi implementations are revealed by examining carrier configurations across different smartphone platforms.

Some devices like iPhones and Android models can use out-of-date or weak cryptographic algorithms, especially the insecure DH21024 group.

The configuration settings are done differently, as Apple prefers using single-algorithm settings while Android supports several options.

This may leave enough time for attacks as the key lifetimes usually range from 10 to 24 hours.

These results show that VoWiFi needs better ways of ensuring security through standardization of manufacturers’ VoWiFi configurations and mobile network operators.

Critical security vulnerabilities were revealed during an extensive analysis of the Internet Key Exchange (IKE) handshakes used by Voice over Wi-Fi (VoWiFi) operators.

Out of 423 ePDG domains tested, 275 responded to handshake attempts, and 33 rejected all proposed key exchange methods.

Most alarmingly, session security across multiple networks was severely compromised when it was found that 12 operators shared sets of ten static private keys. The affected operator’s shared session secrets can be decrypted due to this vulnerability.

Operators also showed poor security practices, including reuse between handshakes and nonce reuse, which are both against IKEv2 specifications.

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...