The Untold Secrets of Operational Wi-Fi Calling Services: Vulnerabilities, Attacks, and Countermeasures

by   Tian Xie, et al.
Purdue University
Michigan State University
National Chiao Tung University

Since 2016, all of four major U.S. operators have rolled out nationwide Wi-Fi calling services. They are projected to surpass VoLTE (Voice over LTE) and other VoIP services in terms of mobile IP voice usage minutes in 2018. They enable mobile users to place cellular calls over Wi-Fi networks based on the 3GPP IMS (IP Multimedia Subsystem) technology. Compared with conventional cellular voice solutions, the major difference lies in that their traffic traverses untrustful Wi-Fi networks and the Internet. This exposure to insecure networks may cause the Wi-Fi calling users to suffer from security threats. Its security mechanisms are similar to the VoLTE, because both of them are supported by the IMS. They include SIM-based security, 3GPP AKA (Authentication and Key Agreement), IPSec (Internet Protocol Security), etc. However, are they sufficient to secure Wi-Fi calling services? Unfortunately, our study yields a negative answer. We conduct the first study of exploring security issues of the operational Wi-Fi calling services in three major U.S. operators' networks using commodity devices. We disclose that current Wi-Fi calling security is not bullet-proof and uncover four vulnerabilities which stem from improper standard designs, device implementation issues and network operation slips. By exploiting the vulnerabilities, together with several state-of-the-art computer visual recognition technologies, we devise two proof-of-concept attacks: user privacy leakage and telephony harassment or denial of voice service (THDoS); both of them can bypass the security defenses deployed on mobile devices and the network infrastructure. We have confirmed their feasibility and simplicity using real-world experiments, as well as assessed their potential damages and proposed recommended solutions.


page 15

page 16

page 18

page 19

page 20


Secure voice based authentication for mobile devices: Vaulted Voice Verification

As the use of biometrics becomes more wide-spread, the privacy concerns ...

The Insecurity of Home Digital Voice Assistants - Amazon Alexa as a Case Study

Home Digital Voice Assistants (HDVAs) are getting popular in recent year...

Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey

Internet usage has changed from its first design. Hence, the current Int...

An experimental evaluation and characterization of VoIP over an LTE-A network

Mobile telecommunications are converging towards all-IP solutions. This ...

PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification

End-user-devices in the current cellular ecosystem are prone to many dif...

DICE: Dynamic Interconnections for the Cellular Ecosystem

To enable roaming of users, the cellular ecosystem integrates many entit...

Multi-service Threats: Attacking and Protecting Network Printers and VoIP Phones alike

Printing over a network and calling over VoIP technology are routine at ...

Please sign up or login with your details

Forgot password? Click here to reset