If your mobile device is featured as Wi-Fi Auto Connect and Wi-Fi calling, you need to change the function immediately, says a new research. It is learned such functionality poses privacy risks.
With the help of fake cellular network towers called IMSI catchers the hackers as well as law enforcement agencies have for a long time tricked mobile devices to connect to them. Lately researchers have found the same, but in a much cheaper way with the help of a simple Wi-Fi hotspot.
IMSI is a short name for international mobile subscriber identity. Every mobile subscriber has a unique number and it can be tracked with the help of such catchers. In some cases it can intercept calls.
Now according to researchers Piers O’Hanlon and Ravishankar Borgaonkar from University of Oxford’s Department of Computer Science the Wi-Fi networks can be used for tricking of mobile devices and IMSI numbers can be exposed.
Reason behind this small hack is the protocol and configuration weaknesses in mobile data offloading technologies that is adopted by mobile operators for keeping the costs low and also reduce congestion on the networks.
The technologies are supported on devices run on Android, iOS, Windows Phone and Blackberry. The Wi-Fi Auto Connect use Extensible Authentication Protocol over LAN (EAPOL) and IMSI number as well as temporary identities are used for the authentication methods.
It is to note here the leak of IMSI numbers is a privacy concern as several services on the web allows matching of phone numbers and thereafter identity of the owner.