Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network.

This technology does so without relying on traditional cellular networks. 

Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality.

But, recently, a group of cybersecurity researchers from multiple renowned organizations have identified voice-over Wi-Fi vulnerability that enables threat actors to eavesdrop calls and SMS.

Voice Over Wi-Fi Vulnerability

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication.

On the other hand, VoWi-Fi allows access to cellular network services without having traditional radio access networks which helps enhance the coverage for users and potential cost savings for operators.

However, many operators continue to use deprecated and weak Diffie-Hellman (DH) groups, fail 3GPP specifications, and share private keys across continents, leading to security concerns.

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions.

Security practices in VoWiFi implementations are revealed by examining carrier configurations across different smartphone platforms.

Some devices like iPhones and Android models can use out-of-date or weak cryptographic algorithms, especially the insecure DH21024 group.

The configuration settings are done differently, as Apple prefers using single-algorithm settings while Android supports several options.

This may leave enough time for attacks as the key lifetimes usually range from 10 to 24 hours.

These results show that VoWiFi needs better ways of ensuring security through standardization of manufacturers’ VoWiFi configurations and mobile network operators.

Critical security vulnerabilities were revealed during an extensive analysis of the Internet Key Exchange (IKE) handshakes used by Voice over Wi-Fi (VoWiFi) operators.

Out of 423 ePDG domains tested, 275 responded to handshake attempts, and 33 rejected all proposed key exchange methods.

Most alarmingly, session security across multiple networks was severely compromised when it was found that 12 operators shared sets of ten static private keys. The affected operator’s shared session secrets can be decrypted due to this vulnerability.

Operators also showed poor security practices, including reuse between handshakes and nonce reuse, which are both against IKEv2 specifications.

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access