Scientists at China's OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong, and Singapore Management University identified eight flaws in Android's Voice-over-Internet-Protocol (VoIP) components.
The vulnerabilities could be harnessed to make unauthorized VoIP calls, spoof caller identities, block voice calls, and execute malware on users' devices.
The researchers found the flaws via fuzzing, which fires random, distorted data into a software component and monitors its reactions for abnormalities in output, such as crashes or memory leakage.
Potential exploits include making malware-directed calls in the VKontakte app, via a bug in the Android Intent application programming interface, to eavesdrop on the phone owner's nearby conversations.
Six flaws are remotely exploitable, with one allowing attackers to initiate calls to a target's phone using a 1,043-character-long Session Initiation Protocol name, to facilitate denial of service.
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA