The AVOXI Blog:
The Most Educational VOIP Call Center Software and Business Phone System Blog in the World!

T-Mobile’s Wi-Fi Calling is Vulnerable to Hackers

T-Mobile smartphone devices have a new default Wi-Fi calling feature that keeps you connected in areas with little or no coverage using a Wi-Fi connection.    Using a Wi-Fi calling-enabled phone, users connect through a router and broadband internet service to increase service where they generally lack it.

Two students from the University of California Berkeley discovered recently that this feature leaves millions of Android users vulnerable to “Man-in-the-Middle attacks”.  The simplest way that this happens is for the attacker to be on the same open wireless network as the victim, granting them access to become a man-in-the-middle.

According to, in a technical analysis of the exploit, the flaw could potentially allow hackers to access and modify calls and messages made by T-Mobile users on certain Android smartphones.  The students informed T-Mobile of the flaw in December and on March 18 T-Mobile was able to resolve the issue for all affected phone models.

T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that is encrypted, something that aids in its vulnerability.  The certificate validation had not been fully implemented, so without this proper verification, hackers could have created a fake certificate and pretended to be the T-Mobile server.

As the Lead Security Engineer and Linux Administration for AVOXI, Pablo's expertise and past work experience has given him insight to an array of systems and applications, well as knowledge among varied telephony equipment and developments.

Latest posts by Pablo Valenciano (see all)

Submit a Comment

Your email address will not be published. Required fields are marked *

Share This