T-Mobile has addressed the issue with a patch it pushed out on March 18

Mar 20, 2013 12:59 GMT

Jethro Beekman and Christopher Thompson, students from the Electrical Engineering and Computer Sciences department of the University of California at Berkeley, have identified a vulnerability in T-Mobile’s “Wi-Fi Calling” feature that could be exploited to launch man-in-the-middle (MITM) attacks.

Wi-Fi Calling is a service, preinstalled on millions of Android smartphones, that allows T-Mobile customers to make and receive calls even if they’re in an area where there’s no service.

However, because of the lack of proper TLS certificate validation, an attacker could have launched MITM attacks and intercepted calls.

Hackers could have eavesdropped on conversations and intercepted text messages, and they could have even modified them.

The issue was reported to T-Mobile back in December 2012. The experts say that the telecoms company has added proper certificate validation to mitigate potential attacks. On Monday, March 18, T-Mobile representatives said the updates containing the patch were pushed to all affected customers.

The researchers have confirmed that the attacks are no longer possible.

The technical details of the attack are available here.