Cybersecurity Researchers find Spoofing Vulnerability in Android’s VoIP Components

A team of Chinese researchers has recently revealed the findings of a ground-breaking investigation into Android’s voice-over-internet-protocol (VoIP) components. The team from OPPO ZIWU Cyber Security Lab, the Chinese University of Hong Kong and Singapore Management University, found no fewer than eight vulnerabilities.

Cybercriminals minded to exploit those vulnerabilities could do any of the following:

• Transfer calls without the recipient’s knowledge
• Spoof caller IDs
• Crash VoIP devices
• Run malicious code on a victim’s device

The unique nature of the study is what uncovered these severe cybersecurity risks. There has been other research into cybersecurity as related to a VoIP phone system. All those previous tests, though, concentrated on VoIP equipment, servers, and mobile apps.

The researchers from China, Hong Kong, and Singapore focused on the VoIP components in the Android OS itself. To assess the security of those components, the team devised a unique three-stage method.