Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network.

This technology does so without relying on traditional cellular networks. 

Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality.

But, recently, a group of cybersecurity researchers from multiple renowned organizations have identified voice-over Wi-Fi vulnerability that enables threat actors to eavesdrop calls and SMS.

Voice Over Wi-Fi Vulnerability

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication.

On the other hand, VoWi-Fi allows access to cellular network services without having traditional radio access networks which helps enhance the coverage for users and potential cost savings for operators.

However, many operators continue to use deprecated and weak Diffie-Hellman (DH) groups, fail 3GPP specifications, and share private keys across continents, leading to security concerns.

VoLTE compared to VoWiFi over an untrusted Internet connection (Source – CISPA)

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions.

Security practices in VoWiFi implementations are revealed by examining carrier configurations across different smartphone platforms.

Some devices like iPhones and Android models can use out-of-date or weak cryptographic algorithms, especially the insecure DH21024 group.

The configuration settings are done differently, as Apple prefers using single-algorithm settings while Android supports several options.

This may leave enough time for attacks as the key lifetimes usually range from 10 to 24 hours.

These results show that VoWiFi needs better ways of ensuring security through standardization of manufacturers’ VoWiFi configurations and mobile network operators.

Critical security vulnerabilities were revealed during an extensive analysis of the Internet Key Exchange (IKE) handshakes used by Voice over Wi-Fi (VoWiFi) operators.

Out of 423 ePDG domains tested, 275 responded to handshake attempts, and 33 rejected all proposed key exchange methods.

Most alarmingly, session security across multiple networks was severely compromised when it was found that 12 operators shared sets of ten static private keys. The affected operator’s shared session secrets can be decrypted due to this vulnerability.

Operators also showed poor security practices, including reuse between handshakes and nonce reuse, which are both against IKEv2 specifications.

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…

17 minutes ago

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

2 hours ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

2 hours ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

2 hours ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

1 day ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 days ago