Vulnerability makes every Android device on AT&T and Verizon’s wireless vulnerable to attack

“A newly found security flaw could be affecting every Android device on AT&T or Verizon’s wireless network, according to an advisory posted by the Carnegie Mellon University CERT database,” Manish Singh reports for Neowin. “A group of South Korean researchers, on Friday, reported about a vulnerability that puts a large pool of Android devices — every version of Android including Marshmallow — in the United States at risk.”

“If exploited, attackers could circumvent Session Initiation Protocol (SIP), often used in voice calls and instant messaging, to gain access to a victim’s device,” Singh reports. “The attackers could then initiate the denial of service (DDoS) attacks on a wireless network. The access to a victim’s network opens door to a number of sophisticated and serious attacks such as bypassing the VoLTE’s accounting system to freely use the bandwidth, and wiretapping the victim’s calls and messages.”

Singh reports, “As per the researchers, Apple’s iPhones aren’t affected with this vulnerability.”

Read more in the full article here.

MacDailyNews Take: Have fun waiting for your patches that will never come, fragmandroid settlers.

“Open” – to infection. Android is the open sore of mobile.

When you settle for garbage, expect to be treated like garbage.

Apple cares about their users because they are responsible for the hardware, the operating system, and the ecosystem; the whole enchilada. They are compelled to strive for high customer satisfaction in order to secure repeat buyers. There is no “Android” per se. Alphabet Inc. is the closest you can get to that and that gets you a whopping 5.2 security rating out of 10 – for an insecure knockoff of the real thing, no less! Not a smart purchasing decision. Like we always say, choosing an iPhone vs. an “Android” iPhone knockoff is like an IQ test.

And remember: Stop deluding yourselves. If it’s not an iPhone, it’s not an iPhone.

87% of Android devices are insecure, University of Cambridge study finds – October 14, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013


    1. how can such a platform-wide vulnerability be seen as infantile? You sound defensive. I am worried that the flood of malware in Android will be capable of damaging or flooding the infrastructure of the carriers’ mobile network, so it is relevant even to iOS owners. Having a secure mobile device is comforting however also. MDN is not the only pundit who predicted the MS Windows equivalent of mobile operating systems, with its “open” and highly customizable and largely un-standardized foundation, would be vulnerable to attacks like this. Big surprise. So don’t come crying to me for your frugal buying decision. The birds have come home to roost.


  1. So if I understand this correctly you have to be using cellular data to be vulnerable to this exploit. I don’t know anyone using Android smartphones with unlimited data plans.. Users will probably only be turning cellular data on for short periods when they need it, reducing their exposure. Why single out AT&T and Verizon? Does Sprint and T-Mobile cell towers have something different that closes that vulnerability? Normal WiFi is not vulnerable to the same exploit?

    1. Android phones were offered with Unlimited data plans at the time iPhobes were being offered with unlimited plans. Also, if someone with an iPhone unlimited plan switched to Android, they could carry the service with them.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.