acm-header
Sign In

Communications of the ACM

Home/News/Academics Find Vulnerabilities in Android's VoIP Components/Full Text
ACM TechNews

Academics Find Vulnerabilities in Android's VoIP Components

By ZDNet
October 8, 2019
Comments
View as: Print Mobile App Share:
The Android logo.

Research scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University have identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.

Credit: Google

Scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.

The vulnerabilities could be harnessed to make unauthorized VoIP calls, spoof caller identities, block voice calls, and execute malware on users' devices.

The researchers found the flaws via fuzzing, by firing random, distorted data into a software component, and monitoring its reactions for abnormalities in output, like crashes or memory leakage.

Potential exploits include making malware-directed calls in the vKontakte app, via a bug in the Android Intent application programming interface, to eavesdrop on the phone owner's nearby conversations.

Six flaws are remotely exploitable, with one allowing attackers to initiate calls to a target's phone using a 1,043-character-long Session Initiation Protocol name, to facilitate denial of service.

From ZDNet
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account