Android phones running on AT&T and Verizon's LTE networks are vulnerable to attack
Thanks to an issue with the Session Initiation Protocol (SIP), employed for voice calls and instant messages over LTE, those rockin' an Android phone running on AT&T or Verizon are vulnerable to being attacked. This is the conclusion that appears in an advisory posted by Carnegie Mellon University. The latter based its paper on a report by Korean academics and security researchers. AT&T and Verizon users could be the victims of eavesdropping and data spoofing. While T-Mobile customers were also mentioned as being vulnerable, the carrier says that it has taken care of the issue.
Part of the problem lies in Android's lack of an "appropriate permissions model" for LTE networks. A malicious app can be used to have your phone silently dial premium numbers (which could end up padding your bill by a large dollar amount), and a hacker can obtain bandwidth to make video calls with no extra charge. If the exploit isn't patched, attackers can use a peer-to-peer network to steal personal content from your phone. And by creating multiple SIP sessions simultaneously, a DoS attack can be made against a network.
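On the network side, the "multiple SIP sessions simultaneously" pattern can be watched for by counting how many calls each subscriber has open at once. The sketch below is an added example, not code from the advisory or the researchers; the sample messages, the `ims.example` domain and the threshold of 5 are all constructed assumptions.

```python
import re
from collections import defaultdict

def _msg(method, user, call_id):
    # Build a minimal SIP request; all URIs and Call-IDs here are constructed.
    return (f"{method} sip:callee@ims.example SIP/2.0\r\n"
            f"From: <sip:{user}@ims.example>;tag=1\r\n"
            f"Call-ID: {call_id}\r\n\r\n")

# Constructed sample capture: (timestamp in seconds, raw SIP request).
SAMPLE = ([(0, _msg("INVITE", "alice", "a0")), (40, _msg("INVITE", "alice", "a1")),
           (45, _msg("BYE", "callee", "a0"))]  # far end hangs up call a0
          + [(50 + i, _msg("INVITE", "mallory", f"m{i}")) for i in range(8)])

REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")

def parse(raw):
    """Return (method, from_uri, call_id) for a SIP request, else None."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    first = REQUEST_LINE.match(lines[0])
    if not first:
        return None  # a response or a malformed message
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    uri = re.search(r"<([^>]+)>", headers.get("from", ""))
    if not uri or "call-id" not in headers:
        return None
    return first.group(1), uri.group(1), headers["call-id"]

def flag_session_floods(events, max_open=5):
    """Return {caller: peak open sessions} for callers exceeding max_open."""
    owner = {}                      # Call-ID -> caller that sent the INVITE
    open_calls = defaultdict(set)   # caller -> Call-IDs still open
    peak = defaultdict(int)
    for _, raw in sorted(events, key=lambda e: e[0]):
        parsed = parse(raw)
        if parsed is None:
            continue
        method, sender, call_id = parsed
        if method == "INVITE":
            caller = owner.setdefault(call_id, sender)
            open_calls[caller].add(call_id)
            peak[caller] = max(peak[caller], len(open_calls[caller]))
        elif method in ("BYE", "CANCEL") and call_id in owner:
            # Either party may end the call, so look up who opened it.
            open_calls[owner.pop(call_id)].discard(call_id)
    return {c: p for c, p in peak.items() if p > max_open}
```

Running `flag_session_floods(SAMPLE)` flags only the constructed `mallory` subscriber, whose eight overlapping INVITEs exceed the assumed limit, while the two ordinary calls from `alice` stay below it.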
Google plans on closing this hole with its November monthly security update for Nexus phones. AT&T and Verizon will have to fix the issue on their own networks. No word yet from the two largest U.S. carriers on how they intend to handle this problem.
source: ACM via CERT, ZDNet
"We also propose immediate countermeasures that can be employed to alleviate the problems. However, we believe that the nature of the problem calls for a more comprehensive solution that eliminates the root causes at mobile devices, mobile platforms, and the core network."-ACM
"Current LTE networks rely on packet switching, rather than the circuit switching of previous generations of the mobile network. The use of packet switching and the IP protocol (particularly the SIP protocol) may allow for new types of attacks not possible on previous generation networks. Such types of attacks are well-known in the security community; for example, see previous attacks against Voice over IP (VoIP)."-CERT