#CISPA@USENIX Security – Security Vulnerabilities in WLAN Calling with Adrian Dabrowski and Gabriel Gegenhuber

Our summer conference series 2024 ends with a bang, or rather, with quite a few in the background of our recording. The USENIX Security Symposium 2024 in Philadelphia was quite well attended, making it a bit challenging to find a suitable place for recording. But hey, that's live. Adrian and Gabriel gave us insights into their research on the mobile protocol Voice over WiFi, which underlies so-called WLAN calling. WLAN calling allows modern smartphones to establish phone connections not only via the mobile network but also via Wi-Fi. The goal is to ensure connectivity even in places with poor mobile reception, such as tunnels, basements, or train rides. However, two critical security vulnerabilities have made such calls a bit unsafe in the past. Fortunately, these vulnerabilities have now been closed thanks to the researchers. In this special edition of CISPA TL;DR, Adrian and Gabriel tell us what went wrong with calls from different manufacturers and mobile providers, how they became aware of the issue, and what happened next.