1. amitmalhotradc
    Carnegie Mellon publicized a security vulnerability related to VoLTE on Android devices:

    [Android Central is giving me an error message for trying to post a link. Just, uh, Google Vulnerability Note VU#943167.]

    Called my carrier and they hadn't heard of it. Looks pretty scary.


    1. Any other thoughts about it?
    2. When I called my carrier they said if I went to Settings, General, Security and made sure Unknown Sources was unchecked, I should be OK. Then when I asked the agent for more information on the issue, she said she checked around and no one in her group had heard of it. Which made the advice somewhat suspect. Opinions?
    3. If this is related to VoLTE, can I switch VoLTE off? I went into Settings, Connections, Data usage, Mobile data ... and Enhanced 4G LTE services is unchecked. Does that mean it is not using VoLTE?

    Any input would be much appreciated!

    10-19-2015 02:59 PM
  2. natehoy
    CERT has a pretty good write-up. Funny thing is that the GSM protocol used to have the same basic vulnerability (if a phone is connected, it is by definition trusted). You'd think even in their zeal to implement VoLTE the carriers would remember lessons past.

    Vulnerability Note VU#943167 - Voice over LTE implementations contain multiple vulnerabilities

    Basically, this allows calls to be made over VoLTE from my phone without the PHONE permission, since the app could craft VoIP packets that look like the phone app, and some carriers are not putting authentication on their SIP/VoIP servers.

    Probably the best way is to have a list of Internet addresses that the carriers set that require the PHONE permission. Then the carriers just load their whitelist and if Android detects a SIP/VoIP packet they check the list. If the address is on the carrier's list and the app does not have PHONE permission, the packet is blocked. That would allow other SIP protocols to work, but the carrier's would only work for apps that can use the PHONE.

    Not really worried. I have a pay-per-minute plan and the biggest risk is a lot of my minutes being used which would cost me money.

    An equally interesting question is, how is iOS not vulnerable to this? Are they doing something similar to the above? They don't even do per-app permissions, do they?
    10-19-2015 04:09 PM
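
The allowlist check proposed in the reply above, modelled as an added example (not code from the thread, from Android, or from any carrier). The address range, the sample INVITE and the function names are constructed assumptions; "PHONE" is the permission name as written in the post.

```python
import ipaddress
import re

# Constructed sample data: a documentation-range network stands in for the
# carrier-supplied list of SIP server addresses described in the post.
CARRIER_SIP_NETS = [ipaddress.ip_network("198.51.100.0/24")]
PHONE_PERMISSION = "PHONE"  # permission name as used in the post

# SIP start lines (RFC 3261): "METHOD uri SIP/2.0" or "SIP/2.0 200 OK".
# Only cleartext SIP is visible to a payload check like this one.
_SIP_START = re.compile(
    rb"^(?:(?:INVITE|ACK|BYE|CANCEL|OPTIONS|REGISTER) \S+ SIP/2\.0"
    rb"|SIP/2\.0 \d{3} [^\r\n]*)\r\n"
)

# Constructed sample packet payload.
SAMPLE_INVITE = (
    b"INVITE sip:+15555550100@ims.example.invalid SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.7:5060\r\n"
    b"Call-ID: constructed-sample\r\n\r\n"
)


def looks_like_sip(payload: bytes) -> bool:
    """True if the payload begins with a SIP request or status line."""
    return _SIP_START.match(payload) is not None


def is_carrier_address(dst: str) -> bool:
    """True if the destination falls inside the carrier-supplied list."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in CARRIER_SIP_NETS)


def egress_decision(app_permissions: set, dst: str, payload: bytes) -> str:
    """Block only SIP sent to a listed carrier address by an app that
    lacks the PHONE permission; everything else passes."""
    if not looks_like_sip(payload):
        return "allow"   # not SIP: outside the scope of the rule
    if not is_carrier_address(dst):
        return "allow"   # third-party SIP services keep working
    if PHONE_PERMISSION in app_permissions:
        return "allow"   # an app entitled to place calls
    return "block"       # SIP to the carrier without PHONE


if __name__ == "__main__":
    print(egress_decision({"INTERNET"}, "198.51.100.10", SAMPLE_INVITE))
```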
