ITEM: Researchers for a French security company have published a research paper detailing security flaws in VoLTE that they say could allow hackers to spoof phone numbers and track callers.
According to Bleeping Computer, the flaws described in the paper can be exploited by an attacker using an Android smartphone:
Researchers say they identified both “active” vulnerabilities (that require modifying special SIP packets) and “passive” vulnerabilities (that expose data via passive network monitoring or do not require any SIP packet modification).
Examples of the security flaws listed in the paper include:
- Modifying SIP INVITE messages to acquire a list of all users on a mobile network
- Establishing free (as in unmonitored and unbillable) data channels using SIP and SDP (Session Description Protocol) messages
- Modifying certain headers in SIP INVITE messages to place calls using another user’s phone number
- Fingerprinting network equipment of a target operator just by listening to VoLTE telephony traffic reaching an Android smartphone
- Leaking a person’s IMEI and personal information such as location.
The good news is that these flaws aren’t particularly fatal as long as operators take them seriously and take action to fix them. The researchers offer actions that operators can take to close those security gaps.
Meanwhile, a spokesperson from Ericsson told Disruptive.Asia by email that both the 3GPP and the GSMA have developed security recommendations for VoLTE, and that the security exploits listed above can be avoided “if standardized security features are switched on and security recommendations are followed by operators and device vendors.”
The research paper, “Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone,” can be downloaded here [PDF].