Posted on March 23, 2013 10:12 am

T-Mobile Wi-Fi Calling Was Vulnerable to Trivial MITM Attack

from the who-do-you-trust? dept.

“A vulnerability discovered by researchers at UC Berkeley enabled attackers to eavesdrop on and modify calls and text messages sent using T-Mobile’s ‘Wi-Fi Calling’ feature. According to Jethro Beekman and Christopher Thompson, both UC Berkeley graduate students, when an affected Android device connected to a server via T-Mobile’s Wi-Fi Calling feature, it did not correctly validate the server’s security certificate, exposing calls and text messages to a ‘man-in-the-middle’ (MiTM) attack. … ‘[An attacker] could record, block and reroute SIP traffic. The attacker could change it by faking a sender or changing the real-time voice data or message content. He could fake incoming traffic and he can impersonate the client with forged outgoing traffic,’ the report, released Tuesday, said. Beekman and Thompson said they notified T-Mobile of their discoveries in December 2012, and worked with the mobile operator to confirm and fix the problem. As of March 18, all affected T-Mobile customers have received the security update fixing the vulnerability, the researchers said.” By ‘did not correctly validate,’ they mean that the certificate was self-signed and the client blindly trusted any certificate with the common name it was expecting.