LTE Security Flaw Allows Data Spoofing And DDoS Attacks, Affects All Android Devices

If you have an Android smartphone running on AT&T or Verizon’s wireless network, you could be at the mercy of hackers according to a new advisory posted to the Carnegie Mellon University CERT database. The vulnerability, which was discovered by a group of South Korean researchers, targets LTE wireless networks.

LTE uses packet switching instead of older circuit switching to transfer data back and forth over the Internet. The researchers say that the new packet switching allows malicious parties to use the SIP protocol to enable a new generation of attack vectors via wireless networks. 

google android

The researchers say that if exploited, denial of service attacks can be carried out on a wireless network (due to a lack of appropriate privileges using the CALL_PHONE permissions) and spoofing phone numbers and using data without first routing through the carrier can be accomplished (essentially allowing someone to make unlimited phone calls use large amounts of data without being billed). 

Hackers could even infiltrate a wireless network — either AT&T or Verizon — and setup their own peer-to-peer connections in an effort to siphon data from connected devices and even “silently place phone calls without the user's knowledge.” While T-Mobile wireless networks were previously affected by this new exploit, it has since been eradicated according to ZDNet

According to the researchers, every version of Android released to date (including Marshmallow) are affected by the LTE exploit. However, Google, which has been notified of the permissions escalation in Android, will fix the issue in a future security update for Nexus devices.

On the other hand, if you have a carrier-provided Android smartphone from LG, Samsung, or another OEM manufacturer, you’re at the whim of your carrier for providing an update. And given the snail-like pace that carriers often take to push updates to customers, I wouldn’t hold my breath waiting for a timely solution. This is one of those instances where Google’s Nexus smartphones have a huge advantage over third-party Android smartphones.

As for LTE-capable iPhones, Apple says that its smartphones aren’t affected by this security flaw.


Via:  CERT
Show comments blog comments powered by Disqus