Hackers Can Spoof Phone Numbers, Track Users via 4G VoLTE Mobile Technology

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries.

VoLTE stands for Voice Over LTE — where LTE stands for Long-Term Evolution and is a high-speed wireless communication for mobile phones and data terminals, based on older GSM technology.

In simpler terms, VoLTE is a mash-up between LTE, GSM, and VoIP, a technology used for Voice-over-the-Internet communications. The protocol rolled out in 2012 in South Korea and Singapore and has become very popular because it blends the benefits of old circuit-switched protocols (stability) with the benefits of modern IP protocols (call quality & speed).

Because VoLTE looks primed to spread to all operators across the globe, P1 Security experts have conducted an audit of this new technology. Their findings, documented in a research paper, reveal serious flaws that could be exploited by attackers only with an Android phone connected to a mobile network.

Researchers say they identified both "active" vulnerabilities (that require modifying special SIP packets) and "passive" vulnerabilities (that expose data via passive network monitoring or do not require any SIP packet modification). Below is a list summarizing the team's findings:

User enumeration using SIP INVITE messages
....
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top