Vulnerability Note VU#943167
Voice over LTE implementations contain multiple vulnerabilities
Long Term Evolution (LTE) mobile networks are currently deployed throughout the world. These LTE mobile networks make use of full packet switching and the IP protocol, unlike previous iterations of the mobile network. This change from circuit switching to packet switching allows new attacks not previously possible. Some implementations of LTE networks and mobile applications are currently vulnerable to several issues which may result in loss of privacy, incorrect billing, and data spoofing.
Current LTE networks rely on packet switching, rather than the circuit switching of previous generations of the mobile network. The use of packet switching and the IP protocol (particularly the SIP protocol) may allow for new types of attacks not possible on previous generation networks. Such types of attacks are well-known in the security community; for example, see previous attacks against Voice over IP (VoIP).
The following is a list of vulnerabilities discovered by the security researchers in some current implementations of LTE networks. Note that every carrier has its own implementation, and may not be vulnerable to every issue listed below.
A remote attacker on the provider's network may be able to establish peer-to-peer connections to directly retrieve data from other phones, or spoof phone numbers when making calls. A malicious mobile app for Android may be able to silently place phone calls without the user's knowledge.
The CERT/CC is currently unaware of a practical solution to these problems.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
| | Affected | - | 19 Aug 2015 |
| Apple | Not Affected | 31 Aug 2015 | 25 Sep 2015 |
| AT&T | Unknown | 21 May 2015 | 19 Oct 2015 |
| TMobile | Unknown | 21 May 2015 | 16 Oct 2015 |
| Verizon | Unknown | 21 May 2015 | 19 Oct 2015 |
Thanks to Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim for reporting this vulnerability and coordinating with vendors.
This document was written by Garret Wassermann.
- CVE IDs: Unknown
- Date Public: 13 Oct 2015
- Date First Published: 16 Oct 2015
- Date Last Updated: 20 Oct 2015
- Document Revision: 75