Home → News → Academics Find Vulnerabilities in Android's VoIP Components → Full Text

Academics Find Vulnerabilities in Android's VoIP Components

By ZDNet

October 8, 2019

[article image]

Scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.

The vulnerabilities could be harnessed to make unauthorized VoIP calls, spoof caller identities, block voice calls, and execute malware on users' devices.

The researchers found the flaws via fuzzing, by firing random, distorted data into a software component, and monitoring its reactions for abnormalities in output, like crashes or memory leakage.

Potential exploits include making malware-directed calls in the vKontakte app, via a bug in the Android Intent application programming interface, to eavesdrop on the phone owner's nearby conversations.

Six flaws are remotely exploitable, with one allowing attackers to initiate calls to a target's phone using a 1,043-character-long Session Initiation Protocol name, to facilitate denial of service.

From ZDNet
View Full Article


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


No entries found