Understanding Android VoIP Security: A System-Level Vulnerability Assessment

En HE; Daoyuan WU; Robert H. DENG

doi:10.1007/978-3-030-52683-2_6

Understanding Android VoIP Security: A System-Level Vulnerability Assessment

En HE
, Daoyuan WU^*
, Robert H. DENG

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

Abstract

VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers’ attention during their design and implementation.

Original language	English
Title of host publication	Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings
Editors	Clémentine MAURICE, Leyla BILGE, Gianluca STRINGHINI, Nuno NEVES
Publisher	Springer, Cham
Pages	110-131
Number of pages	22
ISBN (Electronic)	9783030526832
ISBN (Print)	9783030526825
DOIs	https://doi.org/10.1007/978-3-030-52683-2_6
Publication status	Published - 7 Jul 2020
Externally published	Yes
Event	17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Lisbon, Portugal Duration: 24 Jun 2020 → 26 Jun 2020

Publication series

Name	Lecture Notes in Computer Science
Volume	12223
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Abbreviated title	DIMVA 2020
Country/Territory	Portugal
City	Lisbon
Period	24/06/20 → 26/06/20

Bibliographical note

Publisher Copyright:
© 2020, Springer Nature Switzerland AG.

Access to Document

10.1007/978-3-030-52683-2_6Licence: Unspecified

Cite this

HE, E., WU, D., & DENG, R. H. (2020). Understanding Android VoIP Security: A System-Level Vulnerability Assessment. In C. MAURICE, L. BILGE, G. STRINGHINI, & N. NEVES (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings (pp. 110-131). (Lecture Notes in Computer Science; Vol. 12223). Springer, Cham. https://doi.org/10.1007/978-3-030-52683-2_6

HE, En ; WU, Daoyuan ; DENG, Robert H. / Understanding Android VoIP Security: A System-Level Vulnerability Assessment. Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings. editor / Clémentine MAURICE ; Leyla BILGE ; Gianluca STRINGHINI ; Nuno NEVES. Springer, Cham, 2020. pp. 110-131 (Lecture Notes in Computer Science).

@inproceedings{844df65b2612402aa41f0d7db9790ffe,

title = "Understanding Android VoIP Security: A System-Level Vulnerability Assessment",

abstract = "VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android{\textquoteright}s VoIP integration at the system level. In this paper, we first demystify Android VoIP{\textquoteright}s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers{\textquoteright} attention during their design and implementation.",

author = "En HE and Daoyuan WU and DENG, \{Robert H.\}",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2020 ; Conference date: 24-06-2020 Through 26-06-2020",

year = "2020",

month = jul,

day = "7",

doi = "10.1007/978-3-030-52683-2\_6",

language = "English",

isbn = "9783030526825",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Cham",

pages = "110--131",

editor = "Cl{\'e}mentine MAURICE and Leyla BILGE and Gianluca STRINGHINI and Nuno NEVES",

booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings",

}

HE, E, WU, D & DENG, RH 2020, Understanding Android VoIP Security: A System-Level Vulnerability Assessment. in C MAURICE, L BILGE, G STRINGHINI & N NEVES (eds), Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings. Lecture Notes in Computer Science, vol. 12223, Springer, Cham, pp. 110-131, 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Lisbon, Portugal, 24/06/20. https://doi.org/10.1007/978-3-030-52683-2_6

Understanding Android VoIP Security: A System-Level Vulnerability Assessment. / HE, En; WU, Daoyuan; DENG, Robert H.
Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings. ed. / Clémentine MAURICE; Leyla BILGE; Gianluca STRINGHINI; Nuno NEVES. Springer, Cham, 2020. p. 110-131 (Lecture Notes in Computer Science; Vol. 12223).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - Understanding Android VoIP Security: A System-Level Vulnerability Assessment

AU - HE, En

AU - WU, Daoyuan

AU - DENG, Robert H.

PY - 2020/7/7

Y1 - 2020/7/7

N2 - VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers’ attention during their design and implementation.

AB - VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing. By testing Android from version 7.0 to the recent 9.0, we have discovered 8 zero-day Android VoIP vulnerabilities, all of which were confirmed by Google with bug bounty awards. The security consequences are serious, including denying voice calls, caller ID spoofing, unauthorized call operations, and remote code execution. To mitigate these vulnerabilities and further improve Android VoIP security, we uncover a new root cause that requires developers’ attention during their design and implementation.

UR - https://www.scopus.com/pages/publications/85088517672

U2 - 10.1007/978-3-030-52683-2_6

DO - 10.1007/978-3-030-52683-2_6

M3 - Conference paper (refereed)

AN - SCOPUS:85088517672

SN - 9783030526825

T3 - Lecture Notes in Computer Science

SP - 110

EP - 131

BT - Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings

A2 - MAURICE, Clémentine

A2 - BILGE, Leyla

A2 - STRINGHINI, Gianluca

A2 - NEVES, Nuno

PB - Springer, Cham

T2 - 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Y2 - 24 June 2020 through 26 June 2020

ER -

HE E, WU D, DENG RH. Understanding Android VoIP Security: A System-Level Vulnerability Assessment. In MAURICE C, BILGE L, STRINGHINI G, NEVES N, editors, Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings. Springer, Cham. 2020. p. 110-131. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-52683-2_6

Understanding Android VoIP Security: A System-Level Vulnerability Assessment

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this