Credit: Silicon Angle
In the 1960s and 70s, technically savvy enthusiasts sought to game telecommunications systems to make free calls, keeping telecom engineers on their toes.
That practice, known as phreaking, involved such luminaries as Steve Jobs, Steve Wozniak and John Draper, known as Cap'n Crunch, who used a whistle from a cereal box to meddle with AT&T's long-distance trunk lines.
These days, mobile operators have fully embraced the Internet and are increasingly moving voice calls over fast, packet-switched networks, known as Voice over LTE (Long Term Evolution). The advantage is higher-quality voice calls for subscribers and lower costs for operators.
But South Korean researchers say they've found several weaknesses in VoLTE networks in the U.S. and South Korea.
Their findings, released in a research paper, conclude that it would be possible to spoof phone calls, conduct denial-of-service attacks and overbill customers. They also found it would be possible for a malicious Android app to make secret phone calls in the background due to a flaw in the mobile OS.
The fault also lies in part with operators, which haven't full vetted their infrastructure for security issues. Also, LTE standards have been implemented in different ways by operators, opening up a variety security holes.
"Basically, there are mistakes and things they have overlooked," said Yongdae Kim, a professor with the Korea Advanced Institute of Science and Technology's (KAIST) electrical engineering department, in a phone interview Tuesday.
T-Mobile, Verizon and AT&T were notified of the issues in May, according to an advisory updated on Monday from Carnegie Mellon University's CERT. None of the companies had an immediate comment.
CERT's alert said each operator's problems are different and will require them to apply their own updates, which may take time.
Google said it is working on a software patch for Android which will be released next month. Apple's mobile operating system, iOS, is not affected, according to CERT.
Android's problem is with its permissions. On 3G networks, there are separate network domains for data packets going over the Internet and phone calls, which go through circuits.
But with LTE, voice and data go over Internet. Android's permission that governs phone calls doesn't matter since calls are no longer going through a circuit-switched network, Kim said.
That opens up an interesting avenue for attack. For example, if a victim can be tricked into downloading a malicious Android application, it could, for example, initiate a video call over the data channel.
The Korean team also found it was possible for an attacker to block any phone call made by a victim or cut-off an ongoing call.
Sign up for Computerworld eNewsletters.