Reply to post: Oh boy...

Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins

Anonymous Coward
Anonymous Coward

Oh boy...

The first flaw identified involves the 3GPP Wi-Fi network selection mechanism, which does not exclude insecure Wi-Fi networks when choosing a network for connection.

Nor should it. Anyone connecting to an open SSID should certainly understand that they are wide open to attack.

The second is that devices making Wi-Fi calls lack defenses against ARP (Address Resolution Protocol) spoofing/poisoning attacks, which the researchers say is often a precursor to a man-in-the-middle attack.

The typical defenses against ARP spoofing and poisoning should never be introduced at the client/workstation level. Expecting an end user to understand and enable/maintain such configurations is a fool's errand. These features that protect ARP need to be enabled on network infrastructure instead.

The third flaw found has to do with the way the three US carriers' implement IPSec protection, which turns out to be vulnerable to side channel attacks that can leak private information.

Well, of course it will be vulnerable to side channel attacks. The alternative to run a VPN on your phone, which I would do if I was on an open SSID. But why would I bother when I spend so much time and effort securing my Wifi networks?

The fourth vulnerability, say the researchers, is a design defect in the way Wi-Fi calling standards work. Wi-Fi calling protocols are set up to only consider the quality of Wi-Fi links when initiating a connection. But once a functional link is established, a Wi-Fi calling device won't switch to the cellular network if Wi-Fi packets keep getting dropped.

I call bollocks on this one. If there's enough packet loss, the phone doesn't think you have Internet access, which is the trigger to revert to the mobile data. It's not remotely reasonable to expect the phone to revert to mobile data every time there's any packet loss. And if you did set a threshold, is there really a point at which you can readily set one? Is 50% packet loss on one connection among many too much? 25%?

These points are understandable, but hardly qualify as vulnerabilities. I would also point out that the issues don't really lie, in most cases, with Wifi calling itself, but with the underlying network involved.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon