LTE uses packet switching instead of older circuit switching to transfer data back and forth over the Internet. The researchers say that the new packet switching allows malicious parties to use the SIP protocol to enable a new generation of attack vectors via wireless networks.
The researchers say that, if exploited, the issue allows denial-of-service attacks on a wireless network (due to a lack of appropriate privileges using the CALL_PHONE permission), as well as spoofing phone numbers and using data without first routing through the carrier (essentially allowing someone to make unlimited phone calls or use large amounts of data without being billed).
Hackers could even infiltrate a wireless network (either AT&T or Verizon) and set up their own peer-to-peer connections in an effort to siphon data from connected devices and even “silently place phone calls without the user's knowledge.” While T-Mobile wireless networks were previously affected by this new exploit, it has since been eradicated there, according to ZDNet.
According to the researchers, every version of Android released to date (including Marshmallow) is affected by the LTE exploit. However, Google, which has been notified of the permissions escalation in Android, will fix the issue in a future security update for Nexus devices.
On the other hand, if you have a carrier-provided Android smartphone from LG, Samsung, or another OEM, you’re at the whim of your carrier to provide an update. And given the snail-like pace at which carriers often push updates to customers, I wouldn’t hold my breath waiting for a timely solution. This is one of those instances where Google’s Nexus smartphones have a huge advantage over third-party Android smartphones.