LTE is a key feature of many Android devices, which have recently been found to be vulnerable to attacks that can lead to loss of privacy, incorrect billing and data spoofing. Google's Android operating system "does not have appropriate permissions" for current LTE networks, and information stored on the device can be compromised.
An advisory posted by Carnegie Mellon University's public vulnerability database (CERT) on Friday claimed that the existing CALL_PHONE permission can be overruled by using the INTERNET permission.
This means attackers can remotely attempt to establish multiple peer-to-peer connections on Android devices to retrieve user data. The loophole also enables attackers to spoof phone numbers when users are making calls over a Voice-over-LTE (VoLTE) network.
"Some networks allow two phones to directly establish a session rather than being monitored by a SIP, thus such communication is not accounted for by the provider," CERT wrote in the advisory, which is based on research published by Korean academics and security researchers.
"This may be used to either spoof phone numbers or obtain free data usage such as for video calls," the report said.
Apart from allowing two phones to directly establish a session, the advisory stated that some networks allow users to establish "multiple SIP sessions". This may lead to denial-of-service attacks on the network. Also, SIP messages on some networks are not authenticated, which allows spoofing of phone numbers from affected Android devices.
Unlike 3G, which uses different models for internet connections and phone calls, LTE uses a packet-switching model for both internet and calling. The upgrade enables a VoLTE solution that does not require any fallback to the older circuit-switching technology of 3G, but it can lead to various attacks that were not previously possible.
The researchers noted that devices running iOS are unaffected by the issue, as iOS appears to have an appropriate permissions model. However, all Android devices that use VoLTE networks could be vulnerable to attacks. A remote attacker can directly retrieve data or spoof phone numbers. In addition, a malicious mobile app could be used to make phone calls from another device without the user's knowledge.
T-Mobile and Verizon are among the networks recognised as at risk from the new vulnerability, but a test on AT&T's network is yet to be conducted. The researchers suggest that service providers need to apply updates to their networks to resolve the issue.
IBTimes UK contacted a Google spokesperson, who declined to comment on the issue. But ZDNet has reported that the company is working to fix the vulnerability on Nexus devices through its November monthly security update. Other OEMs such as HTC, Motorola and Samsung are likely to release similar fixes for their Android devices in the future.