Mobile security

2014: A VoLTE Security Nightmare?

NEW YORK – Mobile Network Security Strategies – On Voice-over-LTE, no one can hear you scream.

Upcoming 4G packet voice services were highlighted as a significant new security risk in a panel discussion Thursday in New York on threats to the LTE network, devices, and users. Speakers from Cloudmark Inc. , Juniper Networks Inc. (NYSE: JNPR), Nokia Networks , and Symantec Corp. (Nasdaq: SYMC) all agreed that VoLTE has the potential to be a threat as the services are deployed

"It's opening a Pandora's Box," stated Basheer Nasir Ahmed, senior solutions manager at NSN.

Potential attacks include caller ID spoofing and distributed denial-of-service (DDoS) attacks. "Telephony DoS [or] TDoS," suggested John Veizades, senior product manager of mobile security at Juniper Networks, "is a can of worms."

Operators are just now starting to introduce call services over the all-IP LTE network and are planning the slow move away from circuit-switched voice calls over 3G and 2G technology.

Operators in Asia, Europe, and the US are planning to start VoLTE services over the next few years. Hong Kong operator CSL became one of the first to offer VoLTE services on Thursday. (See VoLTE Hits Hong Kong.)

— Dan Jones, Mobile Editor, Light Reading

<<   <   Page 2 / 2
DanJones 12/6/2013 | 1:45:50 PM
Re: VuIP needs to be ISOLATED My fault. I just wrote DDOS and didn't spell it out. Thanks for spotting it, just fixed it.
brookseven 12/6/2013 | 1:22:46 PM
Re: VuIP needs to be ISOLATED http://en.wikipedia.org/wiki/Denial-of-service_attack


I just wanted to let you know your first D of DDoS is defined incorrectly in the article.  Its Distributed Denial of Service.  Not Dedicated.  The big difference is that shutting down one source is a lot easier than shutting down 1000.

DanJones 12/6/2013 | 12:36:37 PM
Re: VuIP needs to be ISOLATED I'm relatively certain the carriers will want to make sure this is fixed, doncha think?
spc_isdnip 12/6/2013 | 11:58:47 AM
VuIP needs to be ISOLATED The cellular folks are bleeding imbeciles if they are putting VoLTE into the same iP stream as the Internet!  High-tier VoIP, better known as VuIP, always ALWAYS isolates the voice flow from the Internet, at a lower layer.  It is tyipcally done via MPLS.  Voice flow should not even have a public IP address; it should be a local "net 10" address.

Of course the GSMA folks behind this fustercluck are the same ones who decided to use IMS (the Rube Goldberg Protocol Stack) as the model.  They do great work down in the RF layers, their field of expertise, but they understand higher layers and switching about as well as the average Cisco-certified router tech understands MIMO beamforming.  So if they confused VoIP (Vonage, voice over "the top" on a best-efforts open IP network, low-tier works when it feels like it) with VuIP (voice using IP, high tier using managed private capacity and IP as just a muxing stub), then they're just utterly incompetent and we should not assume that it will work out of the box.
DanJones 12/6/2013 | 11:24:20 AM
Re: Why so serious? Yeah, basically, it wouldn't be possible to do a DDOS attack on 2G/3G. There were ways to spoof the old POTS network but you had to be a serious geek to make it happen.
Sarah Thomas 12/6/2013 | 7:56:34 AM
Why so serious? Haha, this might be the most terrifying lede I've ever read! Since VoLTE is just another data service on 4G, how are the attacks different than those that would affect other services? Is it just that they interupt, or corrupt, a valuable service -- communications?
<<   <   Page 2 / 2
Sign In