Mobile security

2014: A VoLTE Security Nightmare?

NEW YORK – Mobile Network Security Strategies – On Voice-over-LTE, no one can hear you scream.

Upcoming 4G packet voice services were highlighted as a significant new security risk in a panel discussion Thursday in New York on threats to the LTE network, devices, and users. Speakers from Cloudmark Inc., Juniper Networks Inc. (NYSE: JNPR), Nokia Networks, and Symantec Corp. (Nasdaq: SYMC) all agreed that VoLTE has the potential to be a threat as the services are deployed.

"It's opening a Pandora's Box," stated Basheer Nasir Ahmed, senior solutions manager at NSN.

Potential attacks include caller ID spoofing and distributed denial-of-service (DDoS) attacks. "Telephony DoS [or] TDoS," suggested John Veizades, senior product manager of mobile security at Juniper Networks, "is a can of worms."

Operators are just now starting to introduce call services over the all-IP LTE network and are planning the slow move away from circuit-switched voice calls over 3G and 2G technology.

Operators in Asia, Europe, and the US are planning to start VoLTE services over the next few years. Hong Kong operator CSL became one of the first to offer VoLTE services on Thursday. (See VoLTE Hits Hong Kong.)

— Dan Jones, Mobile Editor, Light Reading

DanJones 1/7/2014 | 5:31:21 PM
Re: Why so serious? Sounds right, looks like VoLTE is coming -- ready or not -- in 2014 so it'll be interesting to see if this becomes an issue.
aniva 1/7/2014 | 2:36:24 PM
Re: Why so serious? Years back, "phreaking" was introduced to help geeks mess with telephone networks. Those geeks eventually switched their attention to IP. I think the reason not so much spoofing goes on with POTS is simply because there is not much out there compared to IP (not because of a lack of geeks).
DanJones 12/9/2013 | 9:40:30 AM
Re: DDoS in VoLTE That seemed to be the big worry among vendors anyway.
Sami82 12/8/2013 | 12:47:19 AM
DDoS in VoLTE DDoS against telco voice infrastructure would be a lot easier with VoLTE. Given that user terminals would be multi-purpose devices using OSes like Android/iOS/Windows, they could be easily infected by malware and enrolled as members of a botnet. Once you get enough subscribers from a particular telco under his control, C&C could decide to launch an attack against telco's internal infrastructure (even if using private IP space).
DanJones 12/6/2013 | 5:47:44 PM
Re: VuIP needs to be ISOLATED Seven

Yeah, probably so, the topic came up on a panel discussion about different LTE threats, of which there are many as far as I can tell.
brookseven 12/6/2013 | 5:39:02 PM
Re: VuIP needs to be ISOLATED Dan,

You are simplifying things a little.

Let's say for the moment that intercarrier calls go via TDM gateways. All that means is that the voice network could be run as a private address space and could have a separate IP connection than the Internet connection.

Now the reality of those 2 IP presences aren't even required at the phone as the Mobile IP stack requires an intervening element to get to a pure TCP/IP handoff.


spc_isdnip 12/6/2013 | 5:32:52 PM
Re: VuIP needs to be ISOLATED No. The raison d'etre of LTE is getting more efficiency out of spectrum by employing modulation techniques that were impractical in the 3G era but are now possible thanks to Moore's Law and more DSP cycles. LTE features OFDM (vs. CDMA, nice but not quite as powerful), MIMO, and smart antennas.

The resulting bit rates are of course mostly needed for data applications. But telephone calls still need to be made, and telephony requires the kind of low-jitter low-loss QoS that best-efforts IP can't deliver.  Atop that, the Internet is a sewer, subject to malware and DDoS, which needs to be kept away from the PSTN. So while it's perfectly rational to use IP within the muxing stream of the voice, it makes no sense to expose it to the Internet.  Anyone who designs wireline networks understands that -- it drives a lot of MPLS, Carrier Ethernet, and other isolation technologies.

Look at PacketCable for an example. Same PMD, but QoS via time slot management, and it goes into separate private IP pipes from the public Internet. Works great. What's stupid is that PacketCable 2 is trying to be more like VoLTE, by using RubeIMS, though it's still kept isolated from the script kiddies.
DanJones 12/6/2013 | 4:20:43 PM
Hat tip to Diametriq

I like it!

Diametriq @Diametriq

"@Dan_LRMobile: On #VoLTE no one can hear you scream! http://add.vc/ddT  via @Light_Reading" < or rather everyone ...

DanJones 12/6/2013 | 4:18:12 PM
Re: VuIP needs to be ISOLATED That's some catch then, if I'm understanding you correctly, the whole raison d'etre of LTE is marrying phones and the Internet, no?
spc_isdnip 12/6/2013 | 2:47:55 PM
Re: VuIP needs to be ISOLATED Vulnerability to DDoS is characteristic of the public Internet. An isolated network is safe. So if they want VoLTE to not be subject to DDoS, it has to not be on the Internet.