Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments
Gabriel K. Gegenhuber, Florian Holzbauer, Philipp É. Frenzel, Edgar Weippl, Adrian Dabrowski
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
This talk, "Diffie-Hellman Picture Show," presented by Gabriel K. Gegenhuber from the University of Vienna, delves into the critical security landscape of Voice over Wi-Fi (VoWiFi), also known as Wi-Fi Calling. VoWiFi has become a preferred channel for mobile operators due to its cost-effectiveness and reliance on existing Wi-Fi infrastructure, making it a ubiquitous and essential service for millions of subscribers globally. The research uncovers significant vulnerabilities in the **key exchange mechanisms** underpinning VoWiFi security, exposing user communications to potential eavesdropping and decryption.
AI review
This research uncovers catastrophic vulnerabilities in commercial VoWiFi, from widespread use of deprecated Diffie-Hellman groups and critical downgrade flaws to the shocking discovery of 16 operators sharing identical private keys affecting 140 million subscribers. The methodical analysis and the revelation of persistent key management failures in core network equipment make this a crucial, must-see deep dive into telco security.