Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack

Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack
Thanks to an issue with the Session Initiation Protocol (SIP), employed for voice calls and instant messages over LTE, those rockin' an Android phone running on AT&T or Verizon, are vulnerable to being attacked. This is the conclusion that appears on an advisory posted by Carnegie Mellon University. The latter based its paper on a report by Korean academics and security researchers. AT&T and Verizon users could be the victims of eavesdropping and data spoofing. While T-Mobile customers were also mentioned as being vulnerable, the carrier says that it has taken care of the issue.

Part of the problem lies from Android's lack of an "appropriate permissions model" for LTE networks. A malicious app can be used to have your phone silently dial premium numbers (which could end up padding your bill by a large dollar amount), and a hacker can obtain bandwidth to make video calls with no extra charge. If the exploit isn't patched, attackers can use a peer-to-peer network to steal personal content from your phone. And by creating multiple SIP sessions simultaneously, a DOS attack can be made against a network.


Google plans on closing this hole with its November monthly security update for Nexus phones. AT&T and Verizon will have to fix the issue on their own networks. No word yet from the two largest U.S. carriers on how they intend to handle this problem.

source: ACM via CERT, ZDNet

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless