Feeds

T-Mobile patches Wi-Fi eavesdrop vuln

Certificate error discovered by Berkeley students

5 things you didn’t know about cloud backup

Last week, T-Mobile scrambled to patch a vulnerability uncovered by two University of California Berkeley students that made its Wi-Fi calling feature susceptible to man-in-the-middle attacks.

At issue in the students' research, published in full here (PDF), is the certificate implementation used in the feature. The now-patched bug in its Android feature used a certificate chain in which one certificate's name was the IP address of the server, and the second self-signed root certificate “is not included in standard Certificate Authority (CA) distributions”.

“This can mean that the root certificate was either built-in to T-Mobile’s client software, or they did not implement certificate validation correctly. In fact, the client does not seem to have any problems with sslsniff intercepting the connection, making us conclude the latter,” the students, Jethro Beekman and Christopher Thompson, write.

With a man-in-the-middle attack initiated, the researchers write, an attacker can capture the SIP message that provides the encryption key to be used for the calling session – allowing them to record all incoming and outgoing calls or SMS messages using the Wi-Fi calling feature.

“We verified the ability to record outgoing calls and incoming and outgoing text messages. We also verified the ability to change the destination phone number on outgoing calls by modifying sslsniff to change all occurrences of <sip: dest-phone#@msg.pc.t-mobile.com>, replacing a single target phone number by a different one,” they continue.

The only vulnerable phones were those using the T-Mobile IMS stack, covering a number of Samsung and HTC phones. According to the researchers, T-Mobile claimed to have pushed an update to all affected users by 18 March. ®

Next gen security for virtualised datacentres

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.