11/10/2022 Arpspoof two victims c++

Book series (LNCS, volume 12223)

Abstract

VoIP is a class of new technologies that deliver voice calls over packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides native support for VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no effort has been made to investigate the (in)security of Android's VoIP integration at the system level. In this paper, we first demystify Android VoIP's protocol stack and all four of its attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers' attention during their design and implementation.

VoIP is a class of new technologies that deliver voice calls over packet-switched networks, instead of the legacy circuit-switched telecom networks, i.e., the so-called Public Switched Telephone Network (PSTN). By transmitting the voice data over the Internet, VoIP offers clear benefits over the PSTN calling service, including improved quality of service, high-fidelity codecs, and lower monetary costs. As a result, network operators are actively promoting VoIP to modern Android smartphones, with the latest VoLTE (Voice over LTE) and VoWiFi (or Wi-Fi Calling) schemes being deployed.

Existing works on Android VoIP security, however, are far from comprehensive. They focused either on the weaknesses of VoIP network infrastructure, e.g., the insecure deployment of VoIP protocols at the network service providers' side, or on the privacy concerns of third-party VoIP apps. Notably, Li et al. and Kim et al. discovered multiple vulnerabilities in both the control- and data-plane functions of VoLTE, and Xie et al. uncovered four vulnerabilities in operational Wi-Fi calling services. Regarding Android VoIP's client-side security, only the privacy risks of some VoIP apps were tested, e.g., whether their traffic is encrypted with SSL/TLS. It is thus unclear whether Android's VoIP integration at the operating system level is secure or not.

In this paper, we conduct the first study to systematically analyze Android VoIP's (in)security at the system level. Our study begins with a demystification of Android VoIP's protocol stack and its attack surfaces. Specifically, we study VoIP-related Android system code to identify VoIP components and their implementations, including SIP (Session Initiation Protocol) via the nist-sip library, SDP (Session Description Protocol) via, RTP (Real-time Transport Protocol) via librtp-jni.so, codecs via libstagefright, and SIP user agent via the system phone and dialer apps. Furthermore, we identify all four potential attack surfaces that allow physical, local, remote, and nearby attacks against Android VoIP.

With these components and their attack surfaces in mind, we propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. First, we perform Android Intent and system API fuzzing to comprehensively fuzz the local surface. Second, we set up a unique VoIP testbed to perform three protocol fuzzings that mutate different fields in SIP, SDP, and RTP protocols either directly from a user agent or through a Man-In-The-Middle proxy. Lastly, we combine automatic fuzzing tests with targeted code auditing, including log-driven and protocol specification based auditing, to eventually determine vulnerabilities.

By periodically fuzzing VoIP components on the recent Android OS from version 7.0 to 9.0 over two years, we have discovered a total of nine zero-day vulnerabilities, eight of which are system vulnerabilities and have been confirmed by Google with bug bounty awards. Two-thirds of these vulnerabilities can be exploited by a network-side adversary, which suggests that Android VoIP's major risks come from the remote and nearby attack surfaces. Moreover, the severity levels of six of the nine vulnerabilities were rated by the Google Android security team as high or critical (the two most serious levels), which implies that most Android VoIP vulnerabilities are serious. The incurred security consequences include denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution.