About: Understanding Android VoIP Security: A System-Level Vulnerability Assessment

Facets (new session)
Description
Metadata
Settings
- owl:sameAs
- Inference Rule:

About: Understanding Android VoIP Security: A System-Level Vulnerability Assessment Goto Sponge NotDistinct Permalink

An Entity of Type : schema:ScholarlyArticle, within Data Space : wasabi.inria.fr associated with source document(s)

Attributes	Values
type	Academic Article research paper schema:ScholarlyArticle
isDefinedBy	Covid-on-the-Web dataset
has title	Understanding Android VoIP Security: A System-Level Vulnerability Assessment
Creator	Deng, Robert He, En Wu, Daoyuan
Source	PMC
abstract	VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers’ attention during their design and implementation.
has issue date	2020-06-11(xsd:dateTime)
bibo:doi	10.1007/978-3-030-52683-2_6
has license	no-cc
sha1sum (hex)	8f13b2eeedb1de7428fbf04bc0556eadc108f875
schema:url	https://doi.org/10.1007/978-3-030-52683-2_6
resource representing a document's title	Understanding Android VoIP Security: A System-Level Vulnerability Assessment
has PubMed Central identifier	PMC7338189
schema:publication	Detection of Intrusions and Malware, and Vulnerability Assessment
resource representing a document's body	covid:8f13b2eeedb1de7428fbf04bc0556eadc108f875#body_text
is schema:about of	named entity 'code' named entity 'Android' named entity 'caller ID spoofing' named entity 'vulnerability assessment' named entity 'Android' named entity 'Assessment' named entity 'Android' named entity 'CONFIRMED BY' named entity 'ROOT CAUSE' named entity 'PACKET' named entity 'A CLASS' named entity 'WORKS' named entity 'INTENT' named entity 'NEW' named entity 'MITIGATE' named entity 'INCLUDING' named entity 'deliver' named entity 'surfaces' named entity 'weaknesses' named entity 'auditing' named entity 'infrastructure' named entity 'system' named entity 'protocol stack' named entity 'root' named entity 'API' named entity 'VoIP' named entity 'packet-switched networks' named entity 'VoIP' named entity 'protocol stack' named entity 'VoIP' named entity 'VoLTE' named entity 'VoIP' named entity 'VoIP' named entity 'gsm' named entity 'Android' named entity 'encrypted' named entity 'phone app' named entity 'Telephony' named entity 'Android' named entity 'denial of service attack' named entity 'Caller ID Spoofing' named entity 'Cross-Site Request Forgery' named entity 'VoIP' named entity 'API' named entity 'Android' named entity 'telecom networks' named entity 'VoIP' named entity 'VoIP' named entity 'fuzzing' named entity 'stateful' named entity 'VoIP' named entity 'user agent' named entity 'SIP' named entity 'fuzzer' named entity 'fuzzing' named entity 'bug bounty' named entity 'Android' named entity 'Radio Interface Layer' named entity 'fuzzing' named entity 'fuzzing' named entity 'Transmission Protocol' named entity 'fuzzing' named entity 'VoIP' named entity 'VoIP' named entity 'Java' named entity 'IPC' named entity 'API' named entity 'PSTN' named entity 'API' named entity 'fuzzing' named entity 'VoIP' named entity 'fuzzing' named entity 'Google Android' named entity 'snprintf' named entity 'pid' named entity 'Android' named entity 'attack surface' named entity 'VoIP' named entity 'Android' named entity 'RTP' named entity 'TLS'

Faceted Search & Find service v1.13.91 as of Mar 24 2020

Alternative Linked Data Documents: Sponger | ODE Content Formats:

RDF

ODATA

Microdata

About

OpenLink Virtuoso version 07.20.3229 as of Jul 10 2020, on Linux (x86_64-pc-linux-gnu), Single-Server Edition (94 GB total memory)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software