Academics Find Eight Vulnerabilities in Android's VoIP Components (Oct 1, 2019)
Research conducted by academics has identified eight vulnerabilities in the Android operating system’s VoIP (Voice over IP) components. Using fuzzing, the technique of sending random data through software to see how it will react, the academics were able to discover nine bugs. These bugs include five high-severity vulnerabilities and one critical vulnerability, and could allow for remote code execution, caller ID spoofing, and spam calls. The vulnerabilities were only tested on recent Android versions, 7.0 ‘Nougat’ to 9.0 ‘Pie’, and have been reported to Google.
Recommendation: Users should exercise caution when downloading apps, even from the Google Play store, as they may be malicious, which, in conjunction with these vulnerabilities, could be exploited by attackers.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.