LTE Security Flaw Allows Data Spoofing And DDoS Attacks, Affects All Android

A few scary news was revealed recently when it was found out that due to new LTE implementations to AT&T and Verizon devices, users were left open to many security and privacy breaches.

LTE uses packet switching instead of older circuit switching to transfer data back and forth over the Internet.

But, using packet switching for sending data also makes devices on the network vulnerable to new types of attacks, especially against the Session Initiation Protocol (SIP) generally used for voice calls and instant messaging. Google’s Android operating system “does not have appropriate permissions” for current LTE networks and information stored on the device can be compromised.

T-mobile has since released a statement confirming the issue and also stating that they have resolved it. Apple iPhone users need not worry as Apple products seem to be safe from the flaw for now. While T-Mobile wireless networks were previously affected by this new exploit, it has since been eradicated according to ZDNet. It’s quite possible for any invader to get hold of free bandwidth for extra data-intensive actions, like video calling, lacking any additional costs.

The two USA network carries that are affected by the latest LTE security flaw are AT&T and Verizon.

The advisory said each network was vulnerable to “one or more” of the issues. CERT said it is “unaware of a practical solution” to easily fix the vulnerabilities and it will be up to each carrier and handset manufacturer to ensure that the SIP standards are met.

The security flaw largely lies in the way LTE technology works. “A malicious mobile app for Android may be able to silently place phone calls without the user’s knowledge”. That could be used to generate money on premium lines, over-billing, as well conducting targeted eavesdropping.

As per the researchers, every android phone is at high risk; however, sources confirmed that this issue will be fixed very soon. Also, SIP messages on a few networks are not authenticated that allow spoofing of phone numbers from affected Android devices.

An AT&T spokesperson did not immediately provide comment.

Google has also spoken up, announcing that they are working on fixing the issue for Nexus devices in November, but that is still a long wait for such an urgent matter as a security breach. An email to Verizon was not returned.