4G Flaw Affects All Android Phones on AT&T, Verizon

The vast majority of security flaws can only affect you if your software is out-of-date, or if you neglect to install a security suite. Once in a while, though, one crops up that blasts users across the board.

Such is the case with a newly discovered cellphone flaw. The Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh, sponsored by the Department of Homeland Security, is warning that all Android phones on AT&T and Verizon Wireless are currently open to attack over the Long Term Evolution (LTE) 4G network, and for the moment, there's not much the average consumer can do about it.

Information about the LTE flaw initially came from a team of South Korean security researchers. The researchers' technical paper, entitled "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations," first saw the light of day at the 22nd ACM SIGSAC conference in Denver earlier this month. The takeaway is that calls made over an LTE network could theoretically make a phone susceptible to data theft, phone spoofing and unauthorized calls.


If you're interested in exactly how the process works (and have the technical chops to parse it), the research paper explains in great detail how LTE networks can use a new telephony protocol called voice-over-LTE (VoLTE). As 4G/LTE networks become more common, more and more phone calls use VoLTE rather than traditional telephone-network protocols.

Essentially, pre-LTE cellphone calls worked much the same as their land-line counterparts have since the 19th century. Two parties would connect directly to each other using a dedicated temporary connection, or circuit, provided by the telephone network. Signals, whether analog or digital, would travel directly between them along that single connection without interference from a third party. Some LTE voice networks still use this model.

VoLTE is very different and uses packet-switching, which transmits small bits (or "packets") of data across a large network made up of a theoretically infinite number of connections (i.e., the Internet). Each data packet "knows" where to go, and the packets are reassembled into a data stream (in this case, sound) at the destination. Almost every piece of data transmitted across the Internet follows such protocols.

However, moving to packet-based switching opens up voice calls to a huge array of Internet-based attacks that cellular carriers, accustomed to the built-in insularity of circuit-based switching, might not have anticipated. As VoLTE packets travel over the Internet, third parties can access these packets by using sophisticated techniques described in the research paper.

To put it simply, a technically minded cybercriminal could override call permissions, horn in on private calls, steal a phone number for his or her own purposes or even hack into a user's phone directly. From there, installing a malicious Android app on a targeted phone would be trivial, further opening up the phone for text-message scams, phishing or whatever else could turn a profit.

There is some good news, however: The issue appears to be exclusive to Android phones on the AT&T and Verizon networks. T-Mobile users (and, by inference, MetroPCS users as well) were affected when the paper was written, but T-Mobile told ZDNet that the issue had been "resolved." (Sprint has not yet launched VoLTE service.) Apple devices on any network are unaffected.

This patchwork of vulnerable and immune systems suggests that both Google and the wireless carriers can patch the issue — and should probably do so sooner rather than later.

It's worth noting that there's currently no reason to think that attackers are using these techniques in the wild, although the paper may inspire some to try. At present, Carnegie Mellon CERT is "unaware of a practical solution to these problems."

Tom's Guide has one suggested solution, although it's not ideal and will not work on all Android phones. Go into Settings, select Cellular Networks or Mobile Networks, then Preferred Network Type. If there's an opportunity to switch from LTE to 3G, CDMA or GSM, do so. (Not every phone has this option.)

3G networks are apparently unaffected by the LTE issue, although they're not ideal for processing modern sites and apps; phones have come a long way in the past few years. 

Marshall Honorof
