Thought Leadership
CISPA researcher Adrian Dabrowski, together with colleagues from SBA Research and the University of Vienna, has uncovered two far-reaching security vulnerabilities in the mobile phone protocol Voice over WiFi (VoWiFi), also known as WLAN calling.
These vulnerabilities jeopardized the communication security of millions of mobile customers worldwide.
Corresponding updates to rectify the problems have now been carried out.
Modern smartphones can establish telephone connections not only via the mobile network, but also via Wi-Fi to guarantee accessibility even in places with poor mobile network quality, such as tunnels, basements or on train journeys. Wi-Fi calling, which has been available since 2016, is now offered by almost all major mobile network operators and is preset on all new smartphones. “The service is very practical in itself. However, during an investigation, we found that in some cases the connection between the smartphone and mobile networks is not secure,” explains Adrian Dabrowski.
Weaknesses on the part of mobile phone providers
The services of 13 (of the total of 275 examined) mobile network providers were affected, including those from Austria, Slovakia, Brazil and Russia, resulting in around 140 million customers whose communication security was compromised. “An important network component in the LTE and 5G network architecture is to blame: the so-called Evolved Packet Data Gateway (ePDG),” explains Dabrowski. For Wi-Fi calls, a smartphone has to log into the mobile operator’s core network. In order for this to happen securely, so-called IPsec tunnels are set up between the device and the ePDG, which is the Internet-side access point to the mobile network. IPSec tunnels are a type of VPN, i.e. a virtual private network that cannot be viewed from the outside.
IPsec tunnels are set up in several steps. Communication security is primarily guaranteed by the exchange of cryptographic keys in accordance with the Internet Key Exchange Protocol (IKE). “These are ancient procedures and are actually secure. Unless you get the keys wrong,” explains Dabrowski. Because they have to be private, i.e. secret, and random. According to the researcher, neither was the case with the operators. To the researchers’ surprise, the 13 operators used the same global set of ten static private keys instead of random keys.
“Anyone who was in possession of these not really private “private keys” could easily listen in on the communication between the smartphones and the mobile operators,” explains Gabriel Gegenhuber, security researcher at SBA Research and in the Security and Privacy research group at the University of Vienna. “Each of the affected mobile network operators, the manufacturer and possibly the security authorities of each of these countries have access to the keys.” The networks of the Chinese provider ZTE were affected.
Vulnerabilities in smartphone chips and in the configuration on smartphones
As if that wasn’t enough, the researchers also discovered that many of the new chips (including 5G) from Taiwanese manufacturer MediaTek, which are used in some Android smartphones from manufacturers such as Xiaomi, Oppo, Realme and Vivo, have another vulnerability.
“This chip works together with the SIM card to register users with VoWiFi in the mobile network. We discovered that it is possible to reduce the encryption on the smartphone side to the weakest variant with targeted attacks,” says Dabrowski. “Their measurements and analyses of the configurations on the client and server side of many other manufacturers, including Google, Apple, Samsung and Xiaomi, also showed that there is more to mobile phone security. In up to 80 percent of the cases in which we simulated a connection setup, we found that outdated cryptographic procedures were used that no longer comply with the standard,” says Dabrowski.
Damage is unclear, updates have been installed
The researchers cannot say how many users worldwide were actually affected by attacks or intercepted by the vulnerability on the part of mobile operators. However, they have informed the Global Society of Mobile Manufacturers (GSMA) and the providers and companies concerned and given them the opportunity to develop updates. These have since been implemented. Only after this responsible disclosure has been made have they now published their work at the USENIX Security Symposium 2024, making their findings available to other researchers.
Further information can be found here.
(vp/CISPA Helmholtz Center for Information Security)
