WiFi Calling: Revealing Downgrade Attacks and Not-so-private private Keys

May 19, 2025 Yanac

VoWiFi (aka Wi-Fi Calling) is a convenient way for the customer to get better cell coverage while also externalizing the costs for the last mile to the customer without losing call revenue. On a technical level, this is standardized by using IPsec tunnels directly into the mobile network operator’s core network.

We found that for years, at least 140 million cellular customers worldwide were only using one of ten IPsec keys. Furthermore, a major phone chipset manufacturer allowed downgrades to key lengths well below the 3GPP specification: 768 bits, which is widely considered inadequate for a resourceful attacker.

By:
Adrian Dabrowski | PhD, University of Applied Sciences FH Campus Wien
Gabriel Gegenhuber | Dipl-Ing., University of Vienna, Austria
Florian Holzbauer | University of Vienna
Philipp É. Frenzel | SBA Research

Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-24/briefings/schedule/#wifi-calling-revealing-downgrade-attacks-and-not-so-private-private-keys-42490Black HatRead More