VoWi‐Fi security threats: Address resolution protocol attack and countermeasures

Abstract

AbstractB5G/6G networks are facing challenges in the deployment of additional base stations. However, Taiwan's four major operators have launched VoWi‐Fi calling services to maintain signal quality and coverage for customers. These services pose potential threats when users connect to untrusted Wi‐Fi networks. Therefore, the authors utilised commercial equipment to study the security of VoWi‐Fi calling services offered by Taiwan's four major telecom companies. The authors employed address resolution protocol attack methods to develop two verification attacks that bypass existing security measures: one for dropping session initiation protocol packets and the other for dropping voice call packets, both capable of circumventing current security defences. Through real‐world experiments, the authors confirmed their feasibility and assessed their potential harm. Consequently, two defence methods are proposed. The first is an anti‐attack algorithm for app and device manufacturers to detect the security of the user's calling environment. The second is a recommendation for telecom operators to implement new detection mechanisms to safeguard user rights.