Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.


Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack

Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack
Thanks to an issue with the Session Initiation Protocol (SIP), employed for voice calls and instant messages over LTE, those rockin' an Android phone running on AT&T or Verizon, are vulnerable to being attacked. This is the conclusion that appears on an advisory posted by Carnegie Mellon University. The latter based its paper on a report by Korean academics and security researchers. AT&T and Verizon users could be the victims of eavesdropping and data spoofing. While T-Mobile customers were also mentioned as being vulnerable, the carrier says that it has taken care of the issue.

Part of the problem lies from Android's lack of an "appropriate permissions model" for LTE networks. A malicious app can be used to have your phone silently dial premium numbers (which could end up padding your bill by a large dollar amount), and a hacker can obtain bandwidth to make video calls with no extra charge. If the exploit isn't patched, attackers can use a peer-to-peer network to steal personal content from your phone. And by creating multiple SIP sessions simultaneously, a DOS attack can be made against a network.

Google plans on closing this hole with its November monthly security update for Nexus phones. AT&T and Verizon will have to fix the issue on their own networks. No word yet from the two largest U.S. carriers on how they intend to handle this problem.

source: ACM via CERT, ZDNet

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless