Posted on 10/17/2015 8:27:34 PM PDT by Swordmaker
A newly found security flaw could be affecting every Android device on AT&T or Verizon’s wireless network, according to an advisory posted by the Carnegie Mellon University CERT database. The vulnerability in question targets LTE wireless networks and takes advantage of the way some US carriers have implemented the technology on their respective networks. Users on T-Mobile network are reportedly not affected.
A group of South Korean researchers, on Friday, reported about a vulnerability that puts a large pool of Android devices -- every version of Android including Marshmallow -- in the United States at risk. If exploited, attackers could circumvent Session Initiation Protocol (SIP), often used in voice calls and instant messaging, to gain access to a victim's device. The attackers could then initiate the denial of service (DDoS) attacks on a wireless network. The access to a victim's network opens door to a number of sophisticated and serious attacks such as bypassing the VoLTE's accounting system to freely use the bandwidth, and wiretapping the victim's calls and messages.
The security flaw largely lies in the way LTE technology works. LTE uses packet switching instead of older circuit switching to transfer data across the Internet. Packet switching is more network and cost efficient, and also more reliable. Furthermore, the mechanism makes it possible for the system to detect if a network route is faulty and automatically finds another way to send the data. However, it is also prone to a number of new vulnerabilities.
"[...] We considered security issues and possible attacks related to VoLTE call service after legitimate IMS registration. However, an attacker can also utilize a SIP REGISTER message to perform other attacks. If there are vulnerabilities in the registration phase, an attacker can control all access to a victim’s VoLTE service. For example, she can carry out an imposter attack or even wiretapping,”
A spokesperson for T-Mobile acknowledged the existence of the aforementioned security flaw, and told ZDNet that they have resolved the issue. As per the researchers, Apple’s iPhones aren’t affected with this vulnerability. A Google spokesperson told the publication that they would roll out a fix for the said flaw for Nexus devices in their monthly security patch in November.
Source: CERT via ZDNet | Android logotype printed on paper and placed in the sand image by Shutterstock
Ping to dayglored, Shadow Ace, and ThunderSleeps for your ping lists.
If you want on or off the Mac Ping List, Freepmail me.
I still use a dumb phone...
Same here, and I often forget to turn the thing on.
The fetish with 24/7 "being in touch" is rather pathetic.
It is amusing to watch other diners taking smartphone pics of their dinners as they are served, no doubt to immediately post to some effete website.
Yet another reason to avoid Apple.
Oh, wait, never mind.
My Favorite..
2 couples dining together....all four diners staring intently....at their Phones...and uttering nary a word....to one another.
my other favorite...a Bicyclist,,,Texting,, while riding ....hands free of course
Important vulnerability information that deserves immediate attention.
Android users weep in hopeless dispair, knowing there is readily available repair.
Android hate smug Apple even more.
A Google spokesperson told the publication that they would roll out a fix for the said flaw for Nexus devices in their monthly security patch in November.
And this is the reason why I have a Nexus device...
Makes you wonder if People ever communicate the old way anymore, like talking. How was your day? Did you hear me? Oh are you talking to me?
Deliberate lack of security is hardly a flaw...and we all know the NSA has ALL of Hillary’s emails, too:
AT&T/Verizon-NSA partnership shows why government and businesses shouldnt mix
POSTED AT 5:01 PM ON AUGUST 16, 2015 BY TAYLOR MILLARD
NSA Spying Relies on AT&Ts Extreme Willingness to Help
https://www.propublica.org/article/nsa-spying-relies-on-atts-extreme-willingness-to-help
Surveillance ‘partnership’ between NSA and telcos points to AT&T, Verizon
http://www.cnet.com/news/surveillance-partnership-between-nsa-and-telcos-points-to-at-t-verizon/
New Details Show Broader NSA Surveillance Reach
Programs Cover 75% of Nation’s Traffic, Can Snare Emails
http://www.wsj.com/articles/SB10001424127887324108204579022874091732470
U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.