The devices in question are the ones utilizing Verizon or AT&T networks.
The news was posted by theCarnegie Mellon University CERT database.
This attack makes use of the way LTE has been imlpemented by the networks in question.
Android devices on other carriers like T-mobile are not reported to be affected by the vulnerability.
The attackers could then initiate the denial of service (DDoS) attacks on a wireless internet.
TheSession Initiation Protocol(SIP)is a communicationsprotocolfor signaling and controlling multimedia communicationsessions.
Once a victims gear is accessed thus, it opens the floodgates for a variety of attacks.
The flaw is because of the way LTE is implemented.
Older protocols used circuit switching to transfer data, LTE uses packet switching.
Packet switching was the chosen method as it is more cost & data pipe efficient.
[…] We considered security issues and possible attacks related to VoLTE call service after legitimate IMS registration.
However, an attacker can also utilize a SIP REGISTER message to perform other attacks.
For example, she can carry out an imposter attack or even wiretapping,
ACM researchers.
T-mobile has since released a statement confirming the issue and also stating that they have resolved it.
Apple iPhone users need not worry as Apple products seem to be safe from the flaw for now.
source: www.techworm.net
