In this example, a malicious app on a victim's Android phone secretly makes a call in the background, blocking the victim from making a call. Credit: Screenshot/KAIST
Android won't recognize that a data call is being made and show nothing on a smartphone's screen. A video call could eat up the victim's data allowance and potentially garner them a huge bill.
The vulnerabilities on the operator side could also lead to some crippling attacks, Kim said.
With 3G networks, people can only make one call at a time. But over packet-switched networks without the right controls, many calls can be made.
Kim said the error some operators have made is not managing call sessions. A device, for example, could start multiple calls with an operator's SIP (Session Initiation Protocol) server.
If the number of connections is too large, it could damage the SIP server and paralyze the IP Multimedia Subsystem (IMS), which manages IP-based voice calls for VoLTE, according to the paper. The solution is limiting the number of SIP messages that can sent by a mobile device and blocking activity that appears malicious.
The issues highlighted in the research paper are probably just "the tip of the iceberg," said Phil Marshall, chief research officer
with Tolaga Research in Newton, Massachusetts.
As the mobile industry moves to packet-switched services and mobile signaling is more exposed, more attack surfaces are likely to emerge, Marshall said.
"Although there are technical solutions to address these and other threats, we are generally not yet seeing the mobile industry placing adequate priority towards security," he said.
Sign up for CIO Asia eNewsletters.