Paper highlights VoLTE vulnerabilities: spoofing, DoS attacks, unbilled data usage

Advertisement

Using high-speed, efficient LTE data networks to handle voice calls makes a lot of sense, so it’s little surprise we already see plenty of carriers supporting such VoLTE systems – a number that’s only likely to increase. But for all the promise VoLTE promises, it also represents a major shift to the way voice calls are handled by phone hardware, routed, and even billed – changes that have the potential to cause users and carriers alike a few headaches. In a recent paper, a team of researchers in South Korea and the US highlight a number of these vulnerabilities, as well as discuss ways carriers and phone makers could go about securing their systems.

For instance, right now many users taking advantage of VoLTE may have service plans offering unlimited voice minutes, but still charging users for how much data they consume. By embedding data streams within VoLTE calls, a data-cheat may be able to send large amounts of data to a remote source without it counting against his plan’s allocation.

And because VoLTE call setup and reception is handled by apps on your phone rather than the normally restricted baseband radio, it’s possible for malicious software that makes its way onto a VoLTE-enabled phone to block a user’s ability to receive calls – without the user having any on-screen indication that something’s amiss.

There’s also the potential for users who are being billed per-call to disguise video calls (which in some markets are billed distinct from voice calls) as voice traffic, and for callers initiating VoLTE calls to misrepresent their phone numbers, spoofing someone else’s identity. The researchers take the time to highlight some countermeasures companies could put in place to address many of these vulnerabilities, but with VoLTE adoption still in its infancy, it’s not clear just how seriously carriers might take all these attacks, and whether they’ll see fit to dedicating the resources to address them – concentrating instead on simply getting things working at all.

Source: Kim et al. (ACM Digital Library)
Via: Slashdot

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!