Great Moto G Stylus deal on Amazon!

Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack

By
9comments
AT&T Verizon Android
Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack
Thanks to an issue with the Session Initiation Protocol (SIP), employed for voice calls and instant messages over LTE, those rockin' an Android phone running on AT&T or Verizon, are vulnerable to being attacked. This is the conclusion that appears on an advisory posted by Carnegie Mellon University. The latter based its paper on a report by Korean academics and security researchers. AT&T and Verizon users could be the victims of eavesdropping and data spoofing. While T-Mobile customers were also mentioned as being vulnerable, the carrier says that it has taken care of the issue.

Part of the problem lies from Android's lack of an "appropriate permissions model" for LTE networks. A malicious app can be used to have your phone silently dial premium numbers (which could end up padding your bill by a large dollar amount), and a hacker can obtain bandwidth to make video calls with no extra charge. If the exploit isn't patched, attackers can use a peer-to-peer network to steal personal content from your phone. And by creating multiple SIP sessions simultaneously, a DOS attack can be made against a network.

"We also propose immediate countermeasures that can be employed to alleviate the problems. However, we believe that the nature of the problem calls for a more comprehensive solution that eliminates the root causes at mobile devices, mobile platforms, and the core network."-ACM

"Current LTE networks rely on packet switching, rather than the circuit switching of previous generations of the mobile network. The use of packet switching and the IP protocol (particularly the SIP protocol) may allow for new types of attacks not possible on previous generation networks. Such types of attacks are well-known in the security community; for example, see previous attacks against Voice over IP (VoIP)."-CERT

Google plans on closing this hole with its November monthly security update for Nexus phones. AT&T and Verizon will have to fix the issue on their own networks. No word yet from the two largest U.S. carriers on how they intend to handle this problem.

source: ACM via CERT, ZDNet
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon

Latest News

The small but capable Bose SoundLink Flex drops to its best price at Best Buy
The small but capable Bose SoundLink Flex drops to its best price at Best Buy
Patent shows the Galaxy Z Flip 7 may come with three cameras
Patent shows the Galaxy Z Flip 7 may come with three cameras
Is Apple going to take over your home with a Google-powered robot?
Is Apple going to take over your home with a Google-powered robot?
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
Here is vivo’s upcoming X100s flagship in all its glory
Here is vivo’s upcoming X100s flagship in all its glory
If your Google Pixel 2 XL is still alive, you could bless it with Google's Gemini AI
If your Google Pixel 2 XL is still alive, you could bless it with Google's Gemini AI
FCC OKs Cingular\'s purchase of AT&T Wireless