These U.S. Carrier Networks Are Vulnerable To A New LTE Security Flaw
Another security issue has risen and this time it is concerned with a new LTE security flaw that affects two U.S. network carriers. Let us go into more detail to see how it effects potentially millions of users.
LTE Security Flaw Has Affected Android Handsets – iOS Devices Remain Secure
The two U.S. network carries that are affected by the latest LTE security flaw are AT&T and Verizon. Their LTE networks are vulnerable to a wide range of issues such as listening in on conversations, data spoofing, and over-billing for millions of customers. It is no surprise that the vulnerability has affected Android users since this particular OS does not have an appropriate safeguard of permissions. T-Mobile customers were also affected by this issue but according to a source, the problem has been resolved. Apple products have not yet been afflicted with this issue, showcasing the robust security that make up the platform.
LTE relies on packet switching, which is a common way of sending data across the internet. The new method might be a lot faster, but it opens up a lot of doors for incoming attacks through Session Initiation Protocol (SIP), a common tool that businesses use for facilitating voice calls and messages over the internet. The source states that researchers have found a method that exploits the way that SIP works. A sophisticated hacker could get access to free bandwidth of the user to engage in several data-intensive activities such as video calling.
On example illustrated by these researchers was a malicious Android app could make phone calls without the user's knowledge and even when that user has a huge bill delivered to their homes, they would not be able to isolate the problem. Additionally, this method can also be used for eavesdropping on several sensitive conversations and later on, extorting the individuals over the nature of that conversation.
The researchers state that every version of Android was at risk, whereas other attacks were network dependent. The source did manage to get in contact with a Google spokesperson, who said that the company is prepping to fix the issue for Nexus devices as part of its November Monthly Security Update, but did not divulge details on which versions of the platform were affected. While Nexus device owners can put their issues to rest, other handset owners are left in limbo since there is no information when a security patch will be released for these devices.