Jump to content
Login new information ×
Login new information

LTE 4G Networks Put Android Users at Risk of Overbilling and Phone Number Spoofing

vissha

By vissha
in Mobile News

Recommended Posts

vissha

vissha

Posted
Posted

LTE 4G Networks Put Android Users at Risk of Overbilling and Phone Number Spoofing

lte-4g-networks-put-android-users-at-ris

There's no fix for the reported issues at this moment

Carnegie Mellon University's CERT security vulnerabilities database has issued an alert regarding the current status of LTE (Long-Term Evolution) mobile networks, which are plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged.

The vulnerabilities stem from classic VoIP-related attacks, LTE mobile networks using an internal structure that employs packet switching and the IP protocol (just like VoIP), instead of traditional circuit-switched mobile networks.

As CERT's team explains, the four vulnerabilities (CWE-732, CWE-284, CWE-287, and CWE-384) allow attackers to take advantage of some things like incorrectly set call permissions, the ability to establish direct sessions between phones, improper authentication for SIP messages, and a bug that enables attackers to establish multiple sessions with the same phone number.

These vulnerabilities, when exploited, lead to situations where the attackers can spoof any phone number they desire, initiate phone calls on the victim's phone (creating a DoS state or overbilling them), or create direct peer-to-peer connections between two users without being monitored by the carrier, which, in turn, allows for free data communications, numbers spoofing, or DoS states.

Only Android devices are affected, iOS users are safe

All vulnerabilities can be exploited remotely, and right now, there is no known fix for these problems.

Additionally, the vulnerabilities seem to affect only the Android operating system, Apple reporting no issues in iOS. The status of these vulnerabilities on America's largest mobile networks (AT&T, T-Mobile, and Verizon) is not known.

The CERT vulnerabilities presented above are based on the research of eight scientists from KAIST (Korea Advanced Institute of Science and Technology) and the Georgia Institute of Technology, USA. Their research is called Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations.

Source

Link to comment
Share on other sites
  • Replies 5
  • Views 1.5k
  • Created
  • Last Reply
sanjoa

sanjoa

Posted
Posted

:( and my carrier is still on 2G in my town.

Wow! You live in an area with low population density?

Yes. But at some time between 2016 and 2018 we will be upgraded to 3G/4G because of goverment laws.

Link to comment
Share on other sites
mazigh

mazigh

Posted
Posted

:( and my carrier is still on 2G in my town.

Wow! You live in an area with low population density?

Yes. But at some time between 2016 and 2018 we will be upgraded to 3G/4G because of goverment laws.

I just checked OpenSignal Data of your country and it seems they are not covering it very well, chile seems better, Good luck with 3G/4G upgrade

Link to comment
Share on other sites
Holmes

Holmes

Posted
Posted

This is mobile news not security and privacy news.

As for LTE fourg I have it and Im going to check on this.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...