We detect and identify two important security vulnerabilities in the IMS system, which supports 4G/5G multimedia services. We have validated them in 4 carriers’ networks from Taiwan and U.S. using 7 brands’ smartphones, and shown that they can be exploited to launch a stealthy call DoS attack and a social engineering attack with ghost calls against cellular users. The call DoS attack can prevent the cellular users from receiving or making any calls up to 99% attack time without user awareness. Moreover, attackers can detect attackable users based on a security vulnerability of the 4G network by applying our developed AI technique with only the users’ phone number. We further propose solutions and validate their effectiveness and overhead on the open-source OpenIMSCore platform.We are the first group in the world to make the following four achievements.
1.We detect and identify total three vulnerabilities from VoWiFi and IMS. They can be exploited to hijack VoWiFi sessions and launch stealthy call DoS attacks against 4G/5G cellular users to prevent them from receiving incoming calls up to 99% attack time without user awareness.
2.We use machine learning to discover a vulnerability of current cellular networks, call information leakage, which can be used to detect attackable phones remotely at run time.
3.We confirm all the above security threats as general ones in the world by covering 4 top-tier carriers across Taiwan and U.S. with 7 phone brands in our experiments.
4.We propose solutions and validate their effectiveness and overhead experimentally.The security threats identified by us generally exist in global 4G/5G cellular network systems. Their root causes lie in design flaws of network protocols, defects of network operations, or insecure app implementations. Our developed technologies can assist cellular network standards, carriers, and telecom/phone vendors in detecting and addressing the security vulnerabilities of 4G/5G cellular networks and multimedia services. They can be contributed to the security protection of the 4G/5G ecosystem for the global telecom industry.