sponsors
usenix conference policies
You are here
Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS, and Android
Jethro G. Beekman and Christopher Thompson, University of California, Berkeley
Next generation IP telephony such as the IP Multimedia Subsystem (IMS) framework has been used to create Internet calling services which let cellular users make and receive calls even when without cellular reception. In this paper, we look at the security aspects of Internet calling services and other systems that use the 3GPP Authentication and Key Agreement (AKA) protocol for authentication, particularly focusing on the context of cellular authentication in Android. We describe a new man-in-the-middle attack on T-Mobile’s Wi-Fi Calling service, which is installed on millions of T-Mobile Android smartphones. We also describe three new attacks on AKA in the context of Internet calling and Android. We have worked with T-Mobile to fix the man-in-the middle vulnerability, and we present clear and actionable solutions to fix the remaining vulnerabilities.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jethro Beekman and Christopher Thompson},
title = {Breaking Cell Phone Authentication: Vulnerabilities in {AKA}, {IMS}, and Android},
booktitle = {7th USENIX Workshop on Offensive Technologies (WOOT 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot13/workshop-program/presentation/beekman},
publisher = {USENIX Association},
month = aug
}
connect with us