T-Mobile devices have a default Wi-Fi Calling feature that keeps you
connected in areas with little or no coverage by using a Wi-Fi connection. But this feature left millions of Android users vulnerable to a man-in-the-middle attack. To become a man-in-the-middle, the attacker would have to be on the same open
wireless network as the victim, such as at a coffee shop or other public
space.
The flaw could potentially allow hackers to access and modify calls and
messages made by T-Mobile users on certain Android smartphones.
T-Mobile uses regular VoIP for Wi-Fi Calling instead of an encrypted
connection, something that adds to its vulnerability. Certificate
validation had not been fully implemented, so without this
proper verification, hackers could have created a fake certificate and
pretended to be the T-Mobile server. T-Mobile released a security update to its Android users on March 18 that resolved the issue.
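To make "not fully implemented" concrete, the following added example (not T-Mobile's code, and not from the original post) audits a client-side TLS configuration in Python for the two checks that together stop a fake server certificate: chain verification and hostname matching. The function names and finding labels are hypothetical.

```python
import ssl


def audit_tls_context(ctx):
    """Return findings for a client-side SSLContext (labels are hypothetical)."""
    findings = []
    # Without chain verification, any self-made certificate is accepted.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    # Without hostname matching, a valid certificate issued for some other
    # name is accepted in place of the intended server's certificate.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def no_validation_context():
    """Client context that accepts any certificate at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def partial_validation_context():
    """Client context that verifies the chain but not the server name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # verify_mode stays CERT_REQUIRED
    return ctx


def full_validation_context():
    """Library defaults: trusted chain required and hostname checked."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for make in (no_validation_context,
                 partial_validation_context,
                 full_validation_context):
        print(make.__name__, audit_tls_context(make()))
```
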