Monday, December 9, 2024
HomeCVE/vulnerabilityVoice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Published on

SIEM as a Service

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network.

This technology does so without relying on traditional cellular networks. 

Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality.

- Advertisement - SIEM as a Service

But, recently, a group of cybersecurity researchers from multiple renowned organizations have identified voice-over Wi-Fi vulnerability that enables threat actors to eavesdrop calls and SMS.

Voice Over Wi-Fi Vulnerability

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication.

On the other hand, VoWi-Fi allows access to cellular network services without having traditional radio access networks which helps enhance the coverage for users and potential cost savings for operators.

However, many operators continue to use deprecated and weak Diffie-Hellman (DH) groups, fail 3GPP specifications, and share private keys across continents, leading to security concerns.

VoLTE compared to VoWiFi over an untrusted Internet connection (Source – CISPA)

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions.

Security practices in VoWiFi implementations are revealed by examining carrier configurations across different smartphone platforms.

Some devices like iPhones and Android models can use out-of-date or weak cryptographic algorithms, especially the insecure DH21024 group.

The configuration settings are done differently, as Apple prefers using single-algorithm settings while Android supports several options.

This may leave enough time for attacks as the key lifetimes usually range from 10 to 24 hours.

These results show that VoWiFi needs better ways of ensuring security through standardization of manufacturers’ VoWiFi configurations and mobile network operators.

Critical security vulnerabilities were revealed during an extensive analysis of the Internet Key Exchange (IKE) handshakes used by Voice over Wi-Fi (VoWiFi) operators.

Out of 423 ePDG domains tested, 275 responded to handshake attempts, and 33 rejected all proposed key exchange methods.

Most alarmingly, session security across multiple networks was severely compromised when it was found that 12 operators shared sets of ten static private keys. The affected operator’s shared session secrets can be decrypted due to this vulnerability.

Operators also showed poor security practices, including reuse between handshakes and nonce reuse, which are both against IKEv2 specifications.

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...