Light Reading

2014: A VoLTE Security Nightmare?

Dan Jones
12/6/2013
50%
50%
Repost This

NEW YORK – Mobile Network Security Strategies – On Voice-over-LTE, no one can hear you scream.

Upcoming 4G packet voice services were highlighted as a significant new security risk in a panel discussion Thursday in New York on threats to the LTE network, devices, and users. Speakers from Cloudmark Inc. , Juniper Networks Inc. (NYSE: JNPR), Nokia Solutions and Networks , and Symantec Corp. (Nasdaq: SYMC) all agreed that VoLTE has the potential to be a threat as the services are deployed

"It's opening a Pandora's Box," stated Basheer Nasir Ahmed, senior solutions manager at NSN.

Potential attacks include caller ID spoofing and distributed denial-of-service (DDoS) attacks. "Telephony DoS [or] TDoS," suggested John Veizades, senior product manager of mobile security at Juniper Networks, "is a can of worms."

Operators are just now starting to introduce call services over the all-IP LTE network and are planning the slow move away from circuit-switched voice calls over 3G and 2G technology.

Operators in Asia, Europe, and the US are planning to start VoLTE services over the next few years. Hong Kong operator CSL became one of the first to offer VoLTE services on Thursday. (See VoLTE Hits Hong Kong.)

— Dan Jones, Mobile Editor, Light Reading

(16)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Dan@LightReadingMobile
50%
50%
Dan@LightReadingMobile,
User Rank: Blogger
1/7/2014 | 5:31:21 PM
Re: Why so serious?
Sounds right, looks like VoLTE is coming -- ready or not -- in 2014 so it'll be interesting to see if this becomes an issue.
aniva
50%
50%
aniva,
User Rank: Light Beer
1/7/2014 | 2:36:24 PM
Re: Why so serious?
Back in years "phreaking" was introduced to help geeks to mess up with telephone networks. Those geeks eventually switched their attention to IP. I think the reason not so much spoofing goes on with POTS simply because there is not much out there compared to IP (not because lack of geeks).
Dan@LightReadingMobile
50%
50%
Dan@LightReadingMobile,
User Rank: Blogger
12/9/2013 | 9:40:30 AM
Re: DDoS in VoLTE
That semed to be the big worry among vendors anyway.
Sami82
50%
50%
Sami82,
User Rank: Light Beer
12/8/2013 | 12:47:19 AM
DDoS in VoLTE
DDoS against telco voice infrastructure would be a lot easier with VoLTE. Given that user terminals would be multi-purposes devices using OS like android/iOS/windows, they could be easily infected by malware and enrolled as members of a botnet. Once you get enough subscribers from a particular telco under his control, C&C could decide to lauch an attack against telco's internal infrastructure (even if using private IP space).
Dan@LightReadingMobile
50%
50%
Dan@LightReadingMobile,
User Rank: Blogger
12/6/2013 | 5:47:44 PM
Re: VuIP needs to be ISOLATED
Seven

Yeah, probably so, the topic came up on a panel discussion about different LTE threats, of which there many as far I can tell.
brookseven
50%
50%
brookseven,
User Rank: Light Sabre
12/6/2013 | 5:39:02 PM
Re: VuIP needs to be ISOLATED
Dan,

You are simplifying things a little.

Let's say for the moment that intercarrier calls go via TDM gateways.  All that means is that the voice network dould be run as a private address space and could have a separate IP connection than the Internet connection.  

Now the reality of those 2 IP presences aren't even required at the phone as the Mobile IP stack requires an intervening element to get to a pure TCP/IP handoff.

seven

 
spc_isdnip
50%
50%
spc_isdnip,
User Rank: Lightning
12/6/2013 | 5:32:52 PM
Re: VuIP needs to be ISOLATED
No. The raison d'etre of LTE is getting more eficiency out of spectrum by employing modulation techniques that were impractical in the 3G era but are now possible thanks to Moore's Law and more DSP cycles.  LTE features OFDM (vs. CDMA, nice but not quite as powerful), MIMO, and smart antennas. 

The resulting bit rates are of course mostly needed for data applications. But telephone calls still need to be made, and telephony requires the kind of low-jitter low-loss QoS that best-efforts IP can't deliver.  Atop that, the Internet is a sewer, subject to malware and DDoS, which needs to be kept away from the PSTN. So while it's perfectly rational to use IP within the muxing stream of the voice, it makes no sense to expose it to the Internet.  Anyone who designs wireline networks understands that -- it drives a lot of MPLS, Carrier Ethernet, and other isolation technologies.

Look at PacketCable for an example.  Same PMD, but QoS via time slot management, and it goes into separate private IP pipes from the pubilc Internet. Works great.  What's stupid is that PacketCable 2 is trying to be more like VoLTE, by using RubeIMS, though it's still kept isolated from the script kiddies.
Dan@LightReadingMobile
50%
50%
Dan@LightReadingMobile,
User Rank: Blogger
12/6/2013 | 4:20:43 PM
Hat tip to Diametriq


I like it!

Diametriq @Diametriq

"@Dan_LRMobile: On #VoLTE no one can hear you scream! http://add.vc/ddT  via @Light_Reading" < or rather everyone ...

Dan@LightReadingMobile
50%
50%
Dan@LightReadingMobile,
User Rank: Blogger
12/6/2013 | 4:18:12 PM
Re: VuIP needs to be ISOLATED
That's some catch then, if I'm understanding you correctly, the whole raison d'etre of LTE is marrying phones and the Internet, no?
spc_isdnip
50%
50%
spc_isdnip,
User Rank: Lightning
12/6/2013 | 2:47:55 PM
Re: VuIP needs to be ISOLATED
Vulnerability to DDoS is cnaracteristic of the public Internet.  An isolated network is safe.  So if they want VoLTE to not be subject to DDoS, thas to not be on the Internet.
Page 1 / 2   >   >>
Flash Poll
LRTV Documentaries
Cable Eyes Big Technology Shifts

4|16|14   |   03:02   |   (4) comments


US cable engineers are facing a lot of heavy lifting in the coming years, notes Light Reading Cable/Video Practice Leader Alan Breznick.
LRTV Custom TV
Maximizing Customer Experience & Assuring Service Delivery in an IP World

4|15|14   |   4:57   |   (0) comments


Steven Shalita, VP of Marketing, NetScout Systems, Inc., discusses the challenges cable/MSO operators face in assuring the delivery of new IP-based services. Key points include the value of proactively managing performance, and using rich analytics and operational intelligence to better understand service and usage trends, make smarter business decisions and ...
LRTV Documentaries
Bye-Bye DVD: Consumers Embrace Digital Video

4|10|14   |   04:17   |   (7) comments


Veteran video analyst Colin Dixon, founder and principal analyst of nScreenMedia, says research shows 56% are using digital video already.
LRTV Documentaries
Video: TW Cable Puts Multicast Gateways to the Test

4|8|14   |   04:13   |   (1) comment


Tom Gonder, a chief architect at Time Warner Cable, explains how its trial of multicast gateways is impacting IP-based video plans.
LRTV Custom TV
Managing & Monetizing Big Data in Operator Environments

4|7|14   |     |   (1) comment


At Mobile World Congress, Gigamon's Director of Service Provider Solutions, Andy Huckridge, and Heavy Reading Analyst Sarah Wallace discuss the 'big data' issues facing carriers and operators today.
LRTV Huawei Video Resource Center
Data Center Energy – Build Your Data Center in a Modular Way

4|7|14   |   2:13   |   (0) comments


Dr. Fang Liangzhou, VP Network Energy Product Line, shared his thoughts about the challenges for data centers during CeBIT 2014.
LRTV Huawei Video Resource Center
Agile Network Solution – An Overview of Huawei's Agile Network Solution

4|7|14   |   2:31   |   (0) comments


Ajay Gupta, Director of Product Marketing, Networking Product Line, gives an overview of the Agile Network Solutions during CeBIT 2014.
LRTV Huawei Video Resource Center
Huawei’s eLTE Voice Trunking, Video and Data Applied for Railways

4|7|14   |   1:38   |   (0) comments


Gottfried Winter is the Sales Director at Funkwerk, a German specialist in GSM-r terminals and a long-time partner of Huawei. At CeBIT 2014, Winter talks to Light Reading about this partnership and the integration of enhanced voice trunking, video and data functions.
LRTV Huawei Video Resource Center
LeaseWeb Speaks Highly of Huawei's Datacenter Products

4|7|14   |   1:37   |   (0) comments


Rene Olde Olthof, Operations Director LeaseWeb, talks about the next data center transformation during CeBIT 2014.
LRTV Documentaries
Comcast: Reshaping the Cable Network Architecture

4|3|14   |   07:11   |   (8) comments


Shamim Akhtar, Comcast's architect and senior director of network strategy, explains why the cable company is moving to a more distributed network architecture.
LRTV Custom TV
VMware CEO Pat Gelsinger at Mobile World Congress

4|1|14   |   3:41   |   (0) comments


VMware CEO Pat Gelsinger speaks to Heavy Reading about the value of virtualization spanning from the data center to service provider networks to mobile devices.
LRTV Huawei Video Resource Center
Analysts' Impressions of Huawei SoftCOM at ONS 2014

4|1|14   |   1:11   |   (0) comments


After visiting the Huawei booth at ONS, Lee Doyle of Doyle Research gives his appraisal of Huawei's SoftCOM solution.
Hot Topics
BlackBerry Invests in Healthcare IT Startup
Sarah Reedy, Senior Editor, 4/15/2014
Volvo: AT&T HSPA+ Can Drive My Car
Sarah Reedy, Senior Editor, 4/16/2014
T-Mobile Petitions Operators to Kill Overages
Sarah Reedy, Senior Editor, 4/14/2014
Cisco & VMware Are Apple & Google of SDN
Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/14/2014
Mobile Apps Susceptible to Heartbleed, Too
Sarah Reedy, Senior Editor, 4/14/2014
Like Us on Facebook
Twitter Feed