Android

T-Mobile Security Flaw Allowed Eavesdropping of Wi-Fi Calls, Texts

Submitted by wiredmikey
wiredmikey (1824622) writes "A vulnerability discovered by researchers at UC Berkeley enabled attackers to eavesdrop on and modify calls and text messages sent using T-Mobile's "Wi-Fi Calling" feature.

According to Jethro Beekman and Christopher Thompson, both UC Berkeley graduate students, when an affected Android device connected to a server via T-Mobile's Wi-Fi Calling feature, it did not correctly validate the server's security certificate, exposing calls and text messages to a "man-in-the-middle" (MiTM) attack.

In short, by executing a MiTM attack, and using decrypted SIP (Session Initiation Protocol) dialog, an attacker could record all incoming and outgoing calls and text messages. “[An attacker] could record, block and reroute SIP traffic. The attacker could change it by faking a sender or changing the real-time voice data or message content. He could fake incoming traffic and he can impersonate the client with forged outgoing traffic,” the report, released Tuesday, said.

Beekman and Thompson said they notified T-Mobile of their discoveries in December 2012, and worked with the mobile operator to confirm and fix the problem. As of March 18, all affected T-Mobile customers have received the security update fixing the vulnerability, the researchers said.

This is not the first time TLS/SSL issues have come to the forefront of the mobile world. Last October, researchers from two universities in Germany published a paper (PDF) that exposed the state of SSL within Android applications, which revealed that many applications failed to properly implement SSL, leaving millions of users exposed to basic Man-In-The-Middle attacks."
