Sign In

Communications of the ACM

ACM TechNews

Academics Find Vulnerabilities in Android's VoIP Components


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The Android logo.

Research scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University have identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.

Credit: Google

Scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.

The vulnerabilities could be harnessed to make unauthorized VoIP calls, spoof caller identities, block voice calls, and execute malware on users' devices.

The researchers found the flaws via fuzzing, by firing random, distorted data into a software component, and monitoring its reactions for abnormalities in output, like crashes or memory leakage.

Potential exploits include making malware-directed calls in the vKontakte app, via a bug in the Android Intent application programming interface, to eavesdrop on the phone owner's nearby conversations.

Six flaws are remotely exploitable, with one allowing attackers to initiate calls to a target's phone using a 1,043-character-long Session Initiation Protocol name, to facilitate denial of service.

From ZDNet
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found