VWAttacker: A Systematic Security Testing Framework for Voice over WiFi User Equipments

• URL: http://arxiv.org/abs/2508.01469v1
• Date: Sat, 02 Aug 2025 19:37:57 GMT
• Title: VWAttacker: A Systematic Security Testing Framework for Voice over WiFi User Equipments
• Authors: Imtiaz Karim, Hyunwoo Lee, Hassan Asghar, Kazi Samin Mubasshir, Seulgi Han, Mashroor Hasan Bhuiyan, Elisa Bertino,
• Abstract summary: VWAttacker is a framework for analyzing the security of Voice over WiFi (VoWiFi) User Equipment (UE) implementations.<n>It uses property-guided adversarial testing to uncover security issues in different UEs systematically.<n>It extracts 63 properties from 11 specifications, evaluates 1,116 testcases, and detects 13 issues in 21 UEs.
• Score: 10.566986981707501
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: We present VWAttacker, the first systematic testing framework for analyzing the security of Voice over WiFi (VoWiFi) User Equipment (UE) implementations. VWAttacker includes a complete VoWiFi network testbed that communicates with Commercial-Off-The-Shelf (COTS) UEs based on a simple interface to test the behavior of diverse VoWiFi UE implementations; uses property-guided adversarial testing to uncover security issues in different UEs systematically. To reduce manual effort in extracting and testing properties, we introduce an LLM-based, semi-automatic, and scalable approach for property extraction and testcase (TC) generation. These TCs are systematically mutated by two domain-specific transformations. Furthermore, we introduce two deterministic oracles to detect property violations automatically. Coupled with these techniques, VWAttacker extracts 63 properties from 11 specifications, evaluates 1,116 testcases, and detects 13 issues in 21 UEs. The issues range from enforcing a DH shared secret to 0 to supporting weak algorithms. These issues result in attacks that expose the victim UE's identity or establish weak channels, thus severely hampering the security of cellular networks. We responsibly disclose the findings to all the related vendors. At the time of writing, one of the vulnerabilities has been acknowledged by MediaTek with high severity.

Related papers

• Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach [0.0]
  This paper presents a comprehensive analysis of T-Mobile's critical data breaches in 2021 and 2023.<n>It includes a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints.<n>Financial modelling demonstrates that a five-year investment yields less than 1.1% of expected breach losses.
  arXiv  Detail & Related papers  (2025-07-17T09:22:52Z)
• Securing Open RAN: A Survey of Cryptographic Challenges and Emerging Solutions for 5G [5.343932820859596]
  Open Radio Access Networks (O-RAN) introduce modularity and flexibility into 5G deployments.<n>This review synthesizes recent research across thirteen academic and industry sources, examining vulnerabilities such as cipher bidding-down attacks.<n> Emphasis is placed on emerging testbeds and AI-driven controllers that facilitate dynamic orchestration.
  arXiv  Detail & Related papers  (2025-06-11T06:04:40Z)
• CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
  We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
  arXiv  Detail & Related papers  (2025-05-14T13:37:07Z)
• VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
  vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks.<n>VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices.<n>Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
  arXiv  Detail & Related papers  (2024-12-05T17:08:20Z)
• IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection [3.3821216642235608]
  In the digital age, users store personal data in corporate databases, making data security central to enterprise management. Given the extensive attack surface, assets face challenges like weak authentication, vulnerabilities, and malware. We introduce the IDU-Detector, integrating Intrusion Detection Systems (IDS) with User and Entity Behavior Analytics (UEBA) This integration monitors unauthorized access, bridges system gaps, ensures continuous monitoring, and enhances threat identification.
  arXiv  Detail & Related papers  (2024-11-09T13:03:29Z)
• Soft Tester UE: A Novel Approach for Open RAN Security Testing [2.943640991628177]
  This article introduces the Soft Tester UE (soft T-UE), a software-defined test equipment designed to evaluate the security of 5G and O-RAN deployments. The soft T-UE promotes the development of new security measures and enhances the capability to anticipate and mitigate potential security breaches.
  arXiv  Detail & Related papers  (2024-10-12T20:35:49Z)
• Cross-Domain Few-Shot Object Detection via Enhanced Open-Set Object Detector [72.05791402494727]
  This paper studies the challenging cross-domain few-shot object detection (CD-FSOD) It aims to develop an accurate object detector for novel domains with minimal labeled examples.
  arXiv  Detail & Related papers  (2024-02-05T15:25:32Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• A Novel Federated Learning-Based IDS for Enhancing UAVs Privacy and Security [1.2999518604217852]
  Unmanned aerial vehicles (UAVs) operating within Flying Ad-hoc Networks (FANETs) encounter security challenges due to the dynamic and distributed nature of these networks.<n>Previous studies focused predominantly on centralized intrusion detection, assuming a central entity responsible for storing and analyzing data from all devices.<n>This paper introduces the Federated Learning-based Intrusion Detection System (FL-IDS), addressing challenges encountered by centralized systems in FANETs.
  arXiv  Detail & Related papers  (2023-12-07T08:50:25Z)
• Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks [0.0]
  This paper provides the first systematic characterization of cybersecurity vulnerabilities in Embedded Network Stacks (ENS) We propose a novel systematic testing framework that focuses on the transport and network layers. Our results suggest that fuzzing should be deferred until after systematic testing is employed.
  arXiv  Detail & Related papers  (2023-08-21T18:23:26Z)
• Spotting adversarial samples for speaker verification by neural vocoders [102.1486475058963]
  We adopt neural vocoders to spot adversarial samples for automatic speaker verification (ASV) We find that the difference between the ASV scores for the original and re-synthesize audio is a good indicator for discrimination between genuine and adversarial samples. Our codes will be made open-source for future works to do comparison.
  arXiv  Detail & Related papers  (2021-07-01T08:58:16Z)
• Robust Object Detection via Instance-Level Temporal Cycle Confusion [89.1027433760578]
  We study the effectiveness of auxiliary self-supervised tasks to improve the out-of-distribution generalization of object detectors. Inspired by the principle of maximum entropy, we introduce a novel self-supervised task, instance-level temporal cycle confusion (CycConf) For each object, the task is to find the most different object proposals in the adjacent frame in a video and then cycle back to itself for self-supervision.
  arXiv  Detail & Related papers  (2021-04-16T21:35:08Z)
• No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
  arXiv  Detail & Related papers  (2020-12-07T11:02:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.