VoLTE Security Vulnerability on Note 4, Other Android Devices

amitmalhotradc

New member
Aug 22, 2015
Carnegie Mellon publicized a security vulnerability related to VoLTE on Android devices:

[Android Central is giving me an error message for trying to post a link. Just, uh, Google Vulnerability Note VU#943167.]

Called my carrier and they hadn't heard of it. Looks pretty scary.

Questions:

1. Any other thoughts about it?
2. When I called my carrier they said if I went to Settings, General, Security and made sure Unknown Sources was unchecked, I should be OK. Then when I asked the agent for more information on the issue, she said she checked around and no one in her group had heard of it. Which made the advice somewhat suspect. Opinions?
3. If this is related to VoLTE, can I switch VoLTE off? I went into Settings, Connections, Data usage, Mobile data ... and Enhanced 4G LTE services is unchecked. Does that mean it is not using VoLTE?

Any input would be much appreciated!

Amit
 
CERT has a pretty good write-up. Funny thing is that the GSM protocol used to have the same basic vulnerability (if a phone is connected, it is by definition trusted). You'd think even in their zeal to implement VoLTE the carriers would remember lessons past.

Vulnerability Note VU#943167 - Voice over LTE implementations contain multiple vulnerabilities


Basically, this allows calls to be made over VoLTE from my phone without the PHONE permission, since the app could craft VoIP packets that look like the phone app, and some carriers are not putting authentication on their SIP/VoIP servers.

Probably the best way is to have a list of Internet addresses that the carriers set that require the PHONE permission. Then the carriers just load their whitelist, and if Android detects a SIP/VoIP packet it checks the list. If the address is on the carrier's list and the app does not have PHONE permission, the packet is blocked. That would allow other SIP protocols to work, but the carriers' would only work for apps that can use the PHONE.

Not really worried. I have a pay-per-minute plan and the biggest risk is a lot of my minutes being used which would cost me money.


An equally interesting question is, how is iOS not vulnerable to this? Are they doing something similar to the above? They don't even do per-app permissions, do they?
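The per-app SIP filter proposed earlier in the thread, written out as an added example. This is a simulation, not part of the original thread and not Android or any carrier's code: the whitelist addresses (RFC 5737 documentation ranges), the app UIDs, the permission table and the packets are all constructed. It models the rule as stated: a SIP message from an app that lacks the PHONE permission is blocked only when its destination is on the carrier-supplied list; SIP to any other server, and non-SIP traffic to the whitelisted hosts, passes untouched.

```python
"""Added example (not from the thread or from Android): a simulation of the
per-app SIP filter proposed above. A carrier-supplied whitelist names its
SIP/IMS server addresses; an outbound SIP message from an app without the
PHONE permission is blocked only when its destination is on that list.
SIP to any other server, and non-SIP traffic to the whitelisted hosts,
is left alone.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import re

# Constructed whitelist. The addresses are RFC 5737 documentation ranges,
# not any real carrier's servers.
CARRIER_SIP_WHITELIST = [ip_network("198.51.100.0/24"), ip_network("203.0.113.10/32")]

# Constructed permission table: app UID -> holds the PHONE permission?
# (Android gives every installed app its own UID, so a UID identifies the app.)
APP_HAS_PHONE_PERMISSION = {10042: True, 10077: False}

# RFC 3261 start lines: "METHOD request-uri SIP/2.0" or "SIP/2.0 code reason".
_SIP_REQUEST = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0\r\n")
_SIP_RESPONSE = re.compile(rb"^SIP/2\.0 \d{3} [^\r\n]*\r\n")


@dataclass(frozen=True)
class Packet:
    app_uid: int      # sending app, identified by its UID
    dst_ip: str
    dst_port: int
    payload: bytes


def is_sip(payload: bytes) -> bool:
    """True if the payload starts with a SIP request line or status line."""
    return bool(_SIP_REQUEST.match(payload) or _SIP_RESPONSE.match(payload))


def decide(pkt: Packet, whitelist=CARRIER_SIP_WHITELIST,
           permissions=APP_HAS_PHONE_PERMISSION) -> str:
    """Return 'allow' or 'block' for one outbound packet under the proposed rule."""
    if not is_sip(pkt.payload):
        return "allow"                      # the rule only concerns SIP traffic
    dst = ip_address(pkt.dst_ip)
    to_carrier = any(dst in net for net in whitelist)
    if to_carrier and not permissions.get(pkt.app_uid, False):
        return "block"                      # apps not in the table default to no PHONE
    return "allow"


# Constructed SIP INVITE; the number and domain are placeholders.
INVITE = (b"INVITE sip:+15551234567@ims.example.net SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP 10.0.0.5:5060\r\n\r\n")


def run_demo():
    """Evaluate a constructed set of packets; returns {label: decision}."""
    cases = {
        # dialer holding PHONE, calling through the carrier: allowed
        "dialer_to_carrier": Packet(10042, "198.51.100.20", 5060, INVITE),
        # app without PHONE sending a crafted INVITE to the carrier: blocked
        "rogue_to_carrier": Packet(10077, "198.51.100.20", 5060, INVITE),
        # same app talking to an unrelated SIP provider: not covered, allowed
        "rogue_to_third_party": Packet(10077, "192.0.2.44", 5060, INVITE),
        # non-SIP traffic to a whitelisted host is untouched
        "rogue_http_to_carrier": Packet(10077, "203.0.113.10", 80, b"GET / HTTP/1.1\r\n\r\n"),
        # an app absent from the permission table is treated as lacking PHONE
        "unknown_app_to_carrier": Packet(10999, "203.0.113.10", 5060, INVITE),
    }
    return {name: decide(pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:26s} {verdict}")
```

The default for an unknown UID is deny, so a new app gets no access to the carrier's servers until the permission check says otherwise. A real enforcement point would have to live in the kernel's network stack keyed on the sending app's UID rather than in user space, and would only see the SIP start line if the signalling is not already inside an encrypted tunnel by the time it reaches the filter.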