T-Mobile's "Wi-Fi Calling" security vulnerability leaves subscribers at risk [UPDATE]

It seems to be a bad week for cell phone safety, with another vulnerability coming to light, this time concerning T-Mobile's Wi-Fi Calling feature. While the feature is handy for those who want to save minutes and utilize the Internet connection they already have available, it is also a potential hazard when it comes to keeping your personal texts and calls secret. Researchers at the University of California, Berkley are credited with finding the problem.

This information comes from SecurityWeek, which interviewed the two researchers – Jethro Beekman and Christopher Thompson – about their discovery. When Android handsets utilize Wi-Fi Calling, they fail to properly validate the security certificate for the server, which leaves them open to MiTM (man-in-the-middle) attacks. This vulnerability was discovered by reverse engineering the T-Mobile feature.

Says the researchers, T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that encrypted, something that aids in its vulnerability. An attacker can take advantage of the victim if he is using the same wifi network the call is being placed over, intercepting calls and doing with them as he pleases. Mention was also given of the possibilty for setting up a malcious network to get callers to connect and use it.

Said the researchers: "Without this proper verification, hackers could have created a fake certificate and pretend to be the T-Mobile server. This would have allowed attackers to listen to and modify traffic between a phone and the server, letting them intercept and decrypt voice calls and text messages sent over Wi-Fi Calling."

Update: T-Mobile has rolled out a fix to all devices that corrects the issue.

[via Security Week]