Feeds

T-Mobile patches Wi-Fi eavesdrop vuln

Certificate error discovered by Berkeley students

Security for virtualized datacentres

Last week, T-Mobile scrambled to patch a vulnerability uncovered by two University of California Berkeley students that made its Wi-Fi calling feature susceptible to man-in-the-middle attacks.

At issue in the students' research, published in full here (PDF), is the certificate implementation used in the feature. The now-patched bug in its Android feature used a certificate chain in which one certificate's name was the IP address of the server, and the second self-signed root certificate “is not included in standard Certificate Authority (CA) distributions”.

“This can mean that the root certificate was either built-in to T-Mobile’s client software, or they did not implement certificate validation correctly. In fact, the client does not seem to have any problems with sslsniff intercepting the connection, making us conclude the latter,” the students, Jethro Beekman and Christopher Thompson, write.

With a man-in-the-middle attack initiated, the researchers write, an attacker can capture the SIP message that provides the encryption key to be used for the calling session – allowing them to record all incoming and outgoing calls or SMS messages using the Wi-Fi calling feature.

“We verified the ability to record outgoing calls and incoming and outgoing text messages. We also verified the ability to change the destination phone number on outgoing calls by modifying sslsniff to change all occurrences of <sip: dest-phone#@msg.pc.t-mobile.com>, replacing a single target phone number by a different one,” they continue.

The only vulnerable phones were those using the T-Mobile IMS stack, covering a number of Samsung and HTC phones. According to the researchers, T-Mobile claimed to have pushed an update to all affected users by 18 March. ®

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.