
What are the Risks Associated with Android VoIP Components?

By Enterprise Security Magazine | Friday, January 24, 2020

Companies are trying to shift to VoIP phone systems, but before doing so it is essential for them to know the major risks associated with them.

FREMONT, CA: There are almost eight cybersecurity risks, and out of them, six were hardly exploitable problems. However, the vulnerabilities can have significant consequences for the security of telecoms and, in turn, their users.

Some researchers have discovered that Android’s voice-over-internet-protocol (VoIP) component has almost eight significant risks that can affect everyone.

What are the Associated Risks?

Cybercriminals can exploit the vulnerabilities to various ends, such as:

• Crash the VoIP devices

• Transfer calls without the recipient knowing

• Run malicious code on the victim’s device

• Spoof the caller IDs

What is the List of Vulnerabilities?

Several companies are moving to a VoIP phone system, so it is essential to know the threats it carries. Almost eight security risks were discovered, and six of them were remotely exploitable problems. Some of the vulnerabilities are listed here.

Remote Denial of Service (DoS) in Telephony

Two weaknesses were discovered in the Android OS’s telephony module, and both of them lead to a DoS attack. If the system has this flaw, attackers can send malformed SDP packets that crash the device when the user tries to answer a call.

VoIP Call Bomb

The VoIP Call Bomb is a vulnerability that can be remotely exploited. The danger is the same as that of the existing denial-of-service (DoS) attack known as the SMS Bomb. Attackers can start a VoIP Call Bomb attack just by calling the victim’s device using a lengthy SIP name. A user will most likely avoid answering such calls or repeated calls, but the attack can still lock the device for a certain time.
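Both the malformed-SDP crash and the lengthy-SIP-name Call Bomb arrive inside a SIP INVITE, so a SIP proxy or session border controller in front of the handsets can screen for them. The following is an added example, not code from the article or the researchers. The 64-character limit, the function names and the sample messages are assumptions, and because the article does not say which malformation triggers the crash, the SDP check is generic RFC 4566 well-formedness.

```python
import re

MAX_DISPLAY_NAME = 64            # assumed policy limit, not a value from the article
COMPACT = {"f": "from", "c": "content-type"}   # SIP compact header forms (RFC 3261)

def parse(raw):
    """Split a SIP message into start line, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers[COMPACT.get(key, key)] = value.strip()
    return start, headers, body

def screen_invite(raw):
    """Return reasons to reject an INVITE; an empty list means it passes."""
    start, headers, body = parse(raw)
    if not start.startswith("INVITE "):
        return []
    reasons = []
    # name-addr form: optional display name before "<sip:user@host>"
    frm = headers.get("from", "")
    name = frm.split("<", 1)[0].strip().strip('"') if "<" in frm else ""
    if len(name) > MAX_DISPLAY_NAME:
        reasons.append("display name too long")
    if headers.get("content-type", "").lower().startswith("application/sdp"):
        lines = [l for l in body.split("\r\n") if l]
        # RFC 4566: every line is <type>=<value>, session starts with v=, o=, s=
        if not all(re.fullmatch(r"[a-z]=.+", l) for l in lines):
            reasons.append("malformed SDP line")
        elif [l[0] for l in lines[:3]] != ["v", "o", "s"]:
            reasons.append("SDP missing v=/o=/s= preamble")
    return reasons

def sample_invite(name, sdp):
    """Constructed test message; addresses use reserved example domains."""
    return ("INVITE sip:bob@example.com SIP/2.0\r\n"
            f'From: "{name}" <sip:alice@example.org>;tag=1\r\n'
            "Content-Type: application/sdp\r\n\r\n" + sdp)

GOOD_SDP = "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\nt=0 0\r\n"
```

An INVITE that returns a non-empty list can be rejected at the proxy before it reaches a device, and the reasons logged for detection.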

Unauthorized Call Transfer

According to the researchers, an Android system service known as QtilMS, which is part of the VoIP component, exposes almost two APIs to third-party applications. Any app, even one without permission, can invoke these APIs, which allows a malicious application on the device to set up unauthorized call transfer.
