LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing
An anonymous reader writes: Carnegie Mellon University's CERT security vulnerabilities database has issued an alert regarding the current status of LTE (Long-Term Evolution) mobile networks, which are plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged. The vulnerabilities were discovered by 8 scientists who documented them in their research.
Android wins on openness and marketshare (Score:1)
"Only Android devices are affected, iOS users are safe"
Ah, Android, is there anything you don't fail at?
Android is open! And it still has higher marketshare than iOS!
Re: (Score:1)
haha. long term support. Literally ZERO Android phone manufacturers provide updates to their phones as long as Apple does.
Marketshare is irrelevant (Score:1)
And nobody cares about open other than a few thousand geeks who are statistically irrelevant.
Re: Marketshare is irrelevant (Score:1)
The fact that Apple could sell 15% of smartphones and get 75% of the smartphone profit in one quarter just shows how overpriced they are, essentially a lifestyle brand for conformists trying to mark themselves as successful. I like some of the Apple GUI design, and there was a time when Apple innovated, not copied Android, but I don't see a compelling reason to pay more for bling.
However the extremism of some people about the free market choice of either OS type is freakishly religious. Can't we all just get
Re: (Score:2)
Android is open!
Yes. Yes it is. Perhaps a little TOO "open", yes?
And it still has higher marketshare than iOS!
Perhaps true, in the sub $100 shitbox phone category. But nowhere else. And phones and tablets that are sitting in desk drawers unused don't count.
Re: (Score:3)
There's a new iPhone coming, better get back in line at the Apple store.
But Apple's not forcing you to buy it by making your old phone obsolete.
Re: Android wins on openness and marketshare (Score:2)
No, people voluntarily sleep rough to own one when they can just order one over the Internet. There's something seriously messed up about that.
Re: (Score:2)
Guess again. iOS updates don't do well on older phones by design.
Re:Android wins on openness and marketshare (Score:5, Interesting)
Meanwhile, Nexus devices are guaranteed support for 3 years from first sale or 18mo from the final date of sale on Google Play, whichever is longer. I keep seeing claims from iPhone users that "my 4 year old phone has the latest updates" while pointing out the 18mo EOL. It universally turns out that they have the model that was released 4 years prior and not an older model they simply bought 4 years ago, and that model is still being sold. What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device (even when carriers may continue selling them for up to a year). Well, that and the fact that, while they might be running the most recent version of iOS, they only get the most recent features on the most recent devices (I'm glaring at iOS9 for the omission of splitscreening on the iPad Air [which I own], which is more than capable of supporting it; and the sad excuse that was given for Siri only being included in iOS for the 4s when it ran just fine on the 3gs as an app before Apple bought the company).
Android, and I mean true android (read: Nexus devices), on the other hand, only leaves out features that require hardware not present in the device. And, with Google's commitment to supporting the devices for a minimum of 18 months after Google stops selling them, even with carriers selling the devices for up to a year after that, Nexus devices have support for at least 6 months after their last date of sale. Contrasted with iOS devices, which are still sold for up to a year after software support has ended, well, it's not hard to see why some of us prefer Android (again, Nexus).
Re: (Score:3)
What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device (even when carriers may continue selling them for up to a year).
Small point of order - what you wrote is completely wrong. [extremetech.com]
Re: (Score:3, Informative)
In theory, the release of a new OS version from Apple is supposed to be a reason to cheer, but if you own anything but the latest hardware, that’s rarely been the case.
And it's not like I don't have any iOS devices in my home, through which I might actually know what I'm talking about. The Gen1 iPad, iPad Air, iPad Air 2, iPhone 6 Plus (along with the iPhone 5 it replaced, the iPhone 4 that
Re: (Score:2)
You forgot the context of that first sentence - namely, that new software releases have (at least in previous releases) slowed down older hardware. That does not invalidate anything I've written. ;)
Re: (Score:2)
And it's not like I don't have any iOS devices in my home, through which I might actually know what I'm talking about. The Gen1 iPad, iPad Air, iPad Air 2, iPhone 6 Plus (along with the iPhone 5 it replaced, the iPhone 4 that replaced, and the iPhone 3G that replaced) surely count for nothing
And let's just see how many are still supported in iOS 9:
iPad Air - Check!
iPad Air 2 - Check!
iPhone 6 Plus - Check!
iPhone 5 - Check!
So, out of your curiously overlapping models (why do you feel the need to upgrade virtually EVERY cycle?), 4 out of 7 of your iOS Devices are STILL being actively Supported, and one (the Gen1 iPad, released April 2010) had its last update only a year ago, and the other 2 are over 5 years old (iPhone 3G, released July 2008; iPhone 4, released June 2010).
So, since you o
Re: Android wins on openness and marketshare (Score:2)
Re: (Score:2)
So, out of your curiously overlapping models (why do you feel the need to upgrade virtually EVERY cycle?)
There was a 3Gs between the 3G and 4, a 4s between the 4 and 5, and a 5s between the 5 and 6+. Beyond that, these have been my wife's phones and not mine; and they were upgraded because they each started having battery, screen, or button issues just as their warranties expired. As for the iPads, there were a number of them released between the first gen and the Air, were there not? I gave my wife the Air when I bought the Air 2. I don't think it unreasonable for two people to have two iPads.
why do you spend so much time bashing them
There is a hug
Re: (Score:1)
The 1st gen iPad actually got shafted for support, compared even to iPhones of the same vintage. One major update and that was all. It did NOT get an update last year [in 2014].
It shipped with iOS 4.2.x, and then got iOS 5.x, and iOS 6 was iPad 2 and later.
LOL, "true" Android (Score:1)
Re:LOL, "true" Android (Score:4, Informative)
Open, that's what all you nerds brag about
Where/when have I done this, so as to be lumped in with that group?
but then you complain there's only one Android made by Google that nobody even buys and we should ignore all the insecure, unsupported versions that 98% of people own?
I see, you're just trying to build a strawman. Try this on for size.
It is not the fault of Google or Android that manufacturers do not support their devices. Don't like Samsung's device support? Blame Samsung and don't buy Samsung anymore. Don't like LG's device support? Blame LG and don't buy LG anymore. Don't like HTC's device support? Blame HTC and don't buy HTC anymore. I could sit here and list every manufacturer, but I'm sure you get the point by now. Google does not have the same shitty support for the devices they sell directly; their support is actually quite good. That 98% of the population buys from manufacturers that just don't give a shit does not negate that 2% of us have brains and prefer to use them.
Logic fail!
Wow, most people who make those don't manage to identify them before posting. Good on you.
Re: (Score:3)
I do agree that Google should crack down on their OEM partners' shoddy support, but that does not take away from the Nexus line. Honestly, though, vanilla Android provides a better experience not just in my opinion, but also in the opinions of people who've compared my Nexus 6 to their Android device; given that, even if the OEM partners shaped up their support game, unless they did so by sh
Re: (Score:2)
I do agree that Google should crack down on their OEM partners' shoddy support
Google created the problem. The Android ecosystem has lots of competition from hardware vendors, so margins are razor thin. The only company that makes money from it is the company that takes a cut of all app sales (i.e. Google on most phones, Amazon on phones with their market installed and I think Samsung also has their own app store).
Google could easily have fixed this by having some kind of revenue-sharing agreement with vendors that ship the Google Play store: if you're getting 5% of all app sales
Re: Android wins on openness and marketshare (Score:2)
Ma'am (and please correct me if my gender assumption is incorrect), it is refreshing to once again see intelligent discussion on Slashdot and, for that, I thank you. It's a pity that you'll probably be moderated into oblivion for it.
Re: (Score:2)
Google created the problem.
And Google can fix the problem. But it doesn't.
Why?
Re: (Score:2)
That is the first viable solution I've heard to the problem. Good on you for coming up with it; I'm guessing you're the first person to respond to one of my comments on the topic who isn't an Apple or MS (eesh) fanboi.
Ma'am (and please correct me if my gender assumption is incorrect), it is refreshing to once again see intelligent discussion on Slashdot and, for that, I thank you. It's a pity that you'll probably be moderated into oblivion for it.
I agree that is a nice idea; but not a viable one; because, at a measly 5%, it simply isn't "enough skin in the game" for the OEM to go through all the extra testing to make sure a new build still runs ok on the old hardware. For example, all it takes is one array expansion and what SEEMS like it ought to be fine, ends up crashing repeatedly on 90% of last-year's model. 5% just ain't worth it for an OEM.
And then there's the Carriers... Where's their incentive?
Re: (Score:2)
For example, all it takes is one array expansion and what SEEMS like it ought to be fine, ends up crashing repeatedly on 90% of last-year's model. 5% just ain't worth it for an OEM.
On one hand, the OEM doesn't have to maintain the store; Google does. On the other hand, maybe Google gives up 10%. And remember, that's of the purchase price of the apps, not of Google's 30%.
And then there's the Carriers... Where's their incentive?
Ask Google, Apple, and Microsoft how they get their updates approved. I'm sure that will work for the OEMs, as well. I mean, it must be working for the OEMs, as well; though they are few and far between, non-Nexus Android updates do exist in the wild.
Also, why does it seem that every time I post in an Android or iOS
Re: (Score:2)
Ask Google, Apple, and Microsoft how they get their updates approved. I'm sure that will work for the OEMs, as well. I mean, it must be working for the OEMs, as well; though they are few and far between, non-Nexus Android updates do exist in the wild.
Well, for Apple, it's simple: They were smarter than Google, and kept control of their products all the way through the Distribution Chain.
Also, why does it seem that every time I post in an Android or iOS discussion, you come along and comment? You must like me.
Turn the question around: Why does it seem that you have to post the same Apple-Hate comments every time there is an Android or Apple Article? I'm simply there to prevent you from your lies and exaggerations being the "last word".
Re: (Score:2)
Well, for Apple, it's simple: They were smarter than Google, and kept control of their products all the way through the Distribution Chain.
And yet Android demolishes iOS in market share. The people have spoken.
Apple-Hate comments
You couldn't be more off-base; my dissent is not out of hate. And yes, I really do own and regularly use the Apple products I claim; here is a partial glimpse at my battlestation [imgur.com], depicting the iPad Air (my wife and I recently traded, as the Air 2's display does not play well with the Adonit Jot Touch pen I bought) and two of three displays driven by the MacBook Pro Retina that generally stays locked in a cabinet unless I'm traveling. Yo
Re: (Score:2)
Re: (Score:2)
- System.Threading.Thread.Sleep(rand()*5000);
- moveScreen(coordStart, coordEnd);
}
Re: (Score:2)
What they fail to recognize is that software support for iOS devices stops the moment Apple stops selling the device
Right. That's why they released an iOS update specifically for the FIRST GENERATION iPad in May, 2014, and why my iPad 2 and iPhone 4s are STILL supported in iOS 9.
and the fact that, while they might be running the most recent version of iOS, they only get the most recent features on the most recent devices (I'm glaring at iOS9 for the omission of splitscreening on the iPad Air [which I own], which is more than capable of supporting it; and the sad excuse that was given for Siri only being included in iOS for the 4s when it ran just fine on the 3gs as an app before Apple bought the company).
You don't know if the GPU built into the processor in your IPA is capable of supporting two GraphPorts. I would suspect that is NOT the case; because the REGISTERS are simply not there to stuff with the begin/end coordinates, etc. Prove me wrong.
Same thing with Siri. Apple's implementation of Siri (as opposed to the generic App) obviously was c
Re: (Score:2)
Right. That's why they released an iOS update specifically for the FIRST GENERATION iPad in May, 2014
A quick bit of fact checking (e.g. firing up my first gen iPad and checking) reveals this as complete and utter bullshit.
You don't know if the GPU built into the processor in your IPA is capable of supporting two GraphPorts.
Actually, that's how app sidebarring (I'm not sure what the official name is) works, and the IPA does this just fine.
I would suspect that is NOT the case; because the REGISTERS are simply not there to stuff with the begin/end coordinates, etc. Prove me wrong.
I think I just did. And I would certainly hope this was supported, as the Motorola Atrix I owned back in 2011 (256MB of RAM, sub-GHz dual-core 32-bit CPU) was able to function as a laptop (it had a dock which included a display, keyboard, trackpad, USB hub, and extended bat
Re: (Score:2)
Re: (Score:2)
To take it even farther, I live in the bay area, less than 90 minutes from 1 Infinite Loop, and actually have friends working at Apple, in real life and not just on the intertubes. They don't argue with my assessment, or try to defend their employer's actions; on the contrary, they confirm that it is technically possible and that I am correct. And yes, one of them works on iPad hardware and the other works on iOS. Is that insider enough for you?
They don't argue with you, because they are tired of hearing it, and want to still be friends.
Has any of them come to you and said "Listen to what Apple's doing now! This is total bullshit! They could easily make [x] happen, and are crippling it on purpose just to sell the new model." And of course you can't code a fingerprint reader or touch-sensitive digitizer into a product, duh! But your complaint about Siri is unfounded. Sure, Apple could maintain two complete versions of Siri, but I would bet that w
Re: (Score:2)
They don't argue with you, because they are tired of hearing it, and want to still be friends.
There's a vast space between not arguing and confirming. They don't "not argue", they confirm. We've had a number of discussions pondering the reasons and yes, the iOS guy has started a couple of those.
Sure, Apple could maintain two complete versions of Siri,
Really? The dedicated hardware is an ASIC implementation of the software voice decoder. It doesn't change, so the software needn't change, either. There's nothing to maintain, there; the API is set in stone the moment it's burned to a chip. Google has no problem implementing a software keystore for devices wi
Re: (Score:2)
Re: (Score:2)
Missing hardware is no reason to not offer a feature - many Android phones pretend to have gyroscopic sensors by faking something together from accelerometers and the compass.
Depends on the hardware, and the feature, moron.
Let's see you fake some NFC communications, Biometric sensors, or force-sensitive touchscreen, genius.
Apple does some of that "faking" too. For example, They faked gyros before they had them, just like Android, and they currently fake GPS on the iPod Touch using WiFi location data. And on the Application level, many Apps, notably Games, have to adjust their behavior depending upon the iOS Device/iOS Version that they are running on.
But sometimes, you jus
Re: (Score:2)
Re: (Score:2)
You weren't hard enough on that AC. And I mean that sincerely.
LOL, thanks!
/. Would get rid of ACs; but like some sick Reality-Show Producer
I HATE ACs with a purple passion. 99% of genuine! unbridled, over-the-top Apple Hate (and I do mean pure Apple Hate, not Anti-Apple debate) comes from Karma-Fearing ACs, and I just get sick to DEATH of it!!!
You and I have gone after each other hammer and tongs quite a few times; but in the end, I respect your opinion, in no small part because you're willing to lay your Karma on the line and fight like a human...
I REALLY wish
Re: Android wins on openness and marketshare (Score:2)
Re: (Score:2)
Guess again. iOS updates don't do well on older phones by design.
Sure. That's why Apple has released Updates specifically to address performance issues on older devices.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
"Only Android devices are affected, iOS users are safe"
Ah, Android, is there anything you don't fail at?
Windows phone - regular updates direct from MS and a lot smoother than the laggy Android experience.
Re: (Score:2)
We work closely with our carrier partners, and encourage them to test our software as swiftly as possible. But it’s still their network, and the reality is that some carriers require more time than others. By the way, this carrier testing is a common industry practice that all of our competitors must also undergo. No exceptions.
Re: (Score:2)
Editors, please proof read submissions! (Score:4, Insightful)
Re: (Score:2)
I don't expect everyone to have perfect English (I don't)
No, but I do expect people who get paid based on their proficiency of English to have perfect English. Two that immediately come to mind are 1: Translators, and 2: Editors.
To Be Honest (Score:2, Interesting)
I have for a while now been tempted to leave Android and I've decided to do so on November 15, which is the day AT&T releases the new Windows Phone 950. Call me mad, but I'm tired of the Android shenanigans, the balkanization between carriers, and even devices within a single carrier. I've got a Nexus 6 at the moment, and it still does not have Marshmallow. I want to wait for the OTA rather than flash it myself, but come November 15, this device is gone.
Re:To Be Honest (Score:4, Insightful)
I've got a Nexus 6 at the moment, and it still does not have Marshmallow. I want to wait for the OTA rather than flash it myself, but come November 15, this device is gone.
Please send it to me. Thank you
Re: (Score:2)
So a Windows phone is somehow going to be better?
Re: (Score:2)
So a Windows phone is somehow going to be better?
Yes, updates are direct from MS rather than the carrier.
And personally I find the interface a lot nicer than the android one.
Re: (Score:2)
Well, WP does have pretty strict limits on how much OEMs and carriers are allowed to screw with the devices, or at least did for WP7.x and 8.x. Not sure what the policies for W10M will be yet. Among those limitations is a requirement that carrier-installed apps be removable (though in practice the apps may simply be UI for carrier stuff that is included in the firmware and stays when the app is removed, like T-Mobile's WiFi Calling), and that the primary shell UI not be modified. WP app compatibility is als
Data caps as vulnerability (Score:1)
4G is a vulnerability in itself, given how quickly you can use your month's worth of data...
Re: (Score:2)
Ikr I downloaded ios 9.0.2 this morning 1.42GB in under 10 minutes. Would have taken at least 15 minutes on dsl.
Re: (Score:2)
Re: (Score:2)
verizon's 3g service tops out at 3mbps under ideal conditions here
verizon's 4g lte service runs somewhere between 10 and 40mbps
on verizon's 3g it would take me over an hour to download 1.42GB even with the best case scenario.
Re: (Score:2)
Hmmm ... (Score:4, Interesting)
So, if it's us who can get ripped off, they'll do nothing to fix this. If it's them who can get ripped off, they'll try to get lawmakers to outlaw that so they don't have to do anything to fix it.
Should we continue to expect telcos to be inept and indifferent to this, and not give a crap if their customers are getting ripped off?
Re: (Score:3)
Hardly need spoofing in Canada (Score:4, Interesting)
The security issues are not even needed to get over-billed in Canada. With stock Android 5.1 or above (including the latest Marshmallow), use on either of the two main budget carriers can result in roaming data charges even when roaming data is disabled.
It seems, because of a programming decision as to how Android tells if it is roaming inside of a shared MVNO region, and the odd decision of these two carriers to mimic in-network names when using partner carriers, the phone will ignore the user's selection to not use roaming data and thus incur charges in the range of $1/MB.
Re: (Score:1)
Citation?
Re: (Score:3)
https://productforums.google.c... [google.com]
http://www.howardforums.com/sh... [howardforums.com]
Sounds like a feature to me! (Score:3)
"create direct peer-to-peer connections between two users without being monitored by the carrier, which, in turn, allows for free data communications"
That sounds like an app that would be nice to have if you're in the middle of nowhere without cells, but want to stay connected to friends in your party.
Re: (Score:2)
A good way to fix a vulnerability where you can send data without being charged is by charging for that data. It's always something better to say "we fix a vulnerability pointed out by security researchers" than to say "we demand money for using our infrastructure even if it is not involved".
Re: (Score:1)
Sounds like a walkie talkie. IIRC you used to be able to buy phones with this feature; they had a separate radio that operated on FRS/GMRS.
WAAAAY Overblown! (Score:5, Informative)
Here's a link to a page that actually describes the "vulnerabilities" they found: http://www.kb.cert.org/vuls/id... [cert.org]
All of them only apply to Voice over LTE environments, which are different from traditional mobile phone networks in that the LTE network is purely IP traffic so it's effectively a voice over IP call using standard protocols like SIP the same as an internet-based VoIP service would.
As someone who's been working in VoIP for over a decade I just have to laugh at this crap.
Let's start:
The Android operating system does not have appropriate permissions model for current LTE networks; the CALL_PHONE permission can be overruled with only the INTERNET permission by directly sending SIP/IP packets. A call made in such a manner would not provide any feedback to the user. Continually making such calls may result in overbilling or lead to denial of service.
Translation: A VoIP app doesn't require phone permissions if it's not accessing any of the OS' phone subsystems. No shit, sherlock.
The only way this could result in billing or denial of service is if the carrier was not properly authenticating the SIP traffic and was just assuming that anything from that phone aimed at the right IP address must be a legit call. That's 100% a carrier fault, not any flaw with the system. Do they propose that Android should be specifically watching for SIP traffic and require an app have the phone permission to be able to send it?
Apple reports that iOS is not affected by this issue.
I smell bullshit, but I don't have an iOS device to confirm. I doubt Apple requires that VoIP clients have special permissions over anything else.
Some networks allow two phones to directly establish a session rather than being monitored by a SIP server, thus such communication is not accounted for by the provider. This may be used to either spoof phone numbers or obtain free data usage such as for video calls.
This is carrier logic if I've ever heard it. Using the data service I pay for to send IP traffic (which happens to contain voice or video) directly to another user on the data service they pay for is somehow a vulnerability? Again I'm not sure how this is platform-specific.
Spoofing numbers again would require that the carrier have their network configured in a stupidly open and trusting fashion. None of my customers can spoof numbers unless I allow them to (hint: I don't) and it wasn't rocket science to set things up that way.
Some networks do not properly authenticate every SIP message, allowing spoofing of phone numbers.
Repeating themselves here, while this time acknowledging that it's the network's problem.
Some networks allow a user to attempt to establish multiple SIP sessions simultaneously rather than restricting a user to a single voice session, which may lead to denial of service attacks on the network. An attacker may also use this to establish a peer-to-peer network within the mobile network.
Well at least this time they blame the network from the start. I wouldn't limit users to a single session, that restricts 3/4 way calls, but reasonable limits are good there. Still not sure what would be wrong with endpoints directly contacting each other via the data service they're paying for.
I have no doubt that some carriers' networks are truly insecure enough to allow the spoofing and fraudulent usage described here, but that's entirely down to their own stupidity because none of these things are hard to prevent at the network level, even the ones that aren't actual problems.
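The network-level checks this comment argues for, sketched as an added example (not code from the thread, the paper, or the CERT note): every SIP request is tied to an identity authenticated at registration, and concurrent sessions per subscriber are capped at a reasonable limit. The `EdgePolicy` class, the `MAX_SESSIONS` value, the IP-to-identity binding table and all addresses and numbers are assumptions constructed for illustration.

```python
import re

MAX_SESSIONS = 3  # assumed policy value; leaves room for 3-way calls
# SIP compact header forms (RFC 3261); a check that only looks for
# "From:" would miss the same header written as "f:".
COMPACT = {"f": "from", "i": "call-id", "t": "to", "v": "via", "m": "contact"}
SINGLE = {"from", "call-id", "to"}  # headers that must appear exactly once


def parse_sip(raw):
    """Return (method, headers) for a SIP request, or None if malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    start = re.match(r"^([A-Z]+) \S+ SIP/2\.0$", lines[0])
    if not start:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None  # folded or broken header line: reject, do not guess
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if name in SINGLE and name in headers:
            return None  # duplicated identity header
        headers[name] = value.strip()
    return start.group(1), headers


def uri_of(value):
    """Bare URI from a From header value (drops display name and params)."""
    m = re.search(r"<([^>]+)>", value)
    uri = m.group(1) if m else value
    return uri.split(";", 1)[0].strip().lower()


class EdgePolicy:
    def __init__(self, bindings):
        self.bindings = bindings  # source IP -> identity authenticated at registration
        self.active = {}          # identity -> set of open Call-IDs

    def check(self, src_ip, raw):
        parsed = parse_sip(raw)
        if parsed is None:
            return "reject: malformed"
        method, h = parsed
        subscriber = self.bindings.get(src_ip)
        if subscriber is None:
            return "reject: unauthenticated source"
        if uri_of(h.get("from", "")) != subscriber:
            return "reject: identity mismatch"
        call_id = h.get("call-id")
        if not call_id:
            return "reject: malformed"
        calls = self.active.setdefault(subscriber, set())
        if method == "INVITE":
            # A re-INVITE on an existing Call-ID is not counted twice.
            if call_id not in calls and len(calls) >= MAX_SESSIONS:
                return "reject: session limit"
            calls.add(call_id)
        elif method == "BYE":
            calls.discard(call_id)
        return "accept"


def msg(method, from_hdr, call_id, from_name="From"):
    """Build a constructed sample request (not captured traffic)."""
    return (f"{method} sip:+15550199@ims.example SIP/2.0\r\n"
            f"{from_name}: {from_hdr}\r\n"
            f"Call-ID: {call_id}\r\n\r\n")


def demo():
    alice = "sip:+15550100@ims.example"
    policy = EdgePolicy({"10.0.0.5": alice})
    out = [policy.check("10.0.0.5", msg("INVITE", f'"A" <{alice}>;tag=1', "c1"))]
    # From does not match the registered identity, written in compact form.
    out.append(policy.check("10.0.0.5", msg("INVITE", "<sip:+15550123@ims.example>;tag=2", "c2", "f")))
    # Correct identity claimed, but from an address with no registration.
    out.append(policy.check("10.0.0.9", msg("INVITE", f"<{alice}>", "c3")))
    for cid in ("c4", "c5"):
        policy.check("10.0.0.5", msg("INVITE", f"<{alice}>", cid))
    out.append(policy.check("10.0.0.5", msg("INVITE", f"<{alice}>", "c6")))
    policy.check("10.0.0.5", msg("BYE", f"<{alice}>", "c1"))
    out.append(policy.check("10.0.0.5", msg("INVITE", f"<{alice}>", "c6")))
    return out


if __name__ == "__main__":
    print(demo())
```
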
Re: (Score:3)
You're right, and last I looked you had to specifically switch your phone over to use VoLTE. It's not enabled by default.
It's quite possible that iOS phones are not affected because they don't support the VoLTE functionality. I don't *know* that, but I do seem to recall that the VoLTE capability was added in the last year or two to Android phones, and older ones don't support it.
"Androids"? (Score:2)
Will this stop them from dreaming of electric sheep?
Or did the poster mean "Android phones"?
That's (Score:5, Informative)
The Softpedia article claims
"Only Android devices are affected, iOS users are safe"
The paper cited only describes the vulnerabilities in terms of being researched on Android. Nowhere does it say that iOS cannot have these problems.
I didn't even see anything to this effect in the CERT postings.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Apple has claimed it's not vulnerable to e.g. sending IP packets directly to IP addresses if those IP packets are SIP packets, with no substantiation. SIP applications can use TLS as well, making packet inspection difficult.
Most carriers use NATs to reduce the number of IP addresses needed for servicing mobile phones. That NAT usage will also block most unsolicited incoming IP-level traffic. I.e., traffic originating on the mobile telco's VoIP network will get through and no one else's, so this becomes a non-issue.
Re: (Score:2)
Re:That's (Score:4, Interesting)
Re: (Score:1)
iOS apps can send TCP/UDP packets using approved APIs. You cannot use SOCK_RAW on an iPhone.
From memory, data and voice are recommended/required to be separate with VoLTE - data connections are tunnelled or attached to a different APN and apps cannot see the carrier LTE network directly. It's a bit like 2 VLANs over a single ethernet link.
However, since VoLTE happens at the app level rather than on the baseband, Android's hackability and security model can be convinced to expose a lot more of this to user a
Unacceptable! (Score:2)
...plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged.
OH NOES! You can hear those carriers leaping into action when they found out that last part.
The link crashes Firefox for me (Score:1)
Another Day, Another Android Exploit (Score:2)
Why do you think that is? And don't say it's because it is the more popular platform; because that is the epitome of a strawman argument. iOS is PLENTY popular enough to be worth exploiting. So it must be something else.
Perhaps it's because the malware writers know that, on Android, the Exploit will be available on a significant number of handsets for months, e
Re:Let me guess. (Score:5, Interesting)
Let me guess... you didn't read the paper. Oh look, my guess was right while yours were not.
To be fair, that wasn't actually a guess. Every assumption you made was wrong, so it's pretty obvious that you didn't bother looking at the paper to see if you were even close to correct.