The technology has four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS attacks on the phone and network, and obtain free data transfers without being charged.
The vulnerabilities use bog-standard VoIP-related attack methods. LTE mobile networks use an internal structure that employs packet switching and the IP protocol (just like VoIP), instead of the circuit switching used by traditional mobile networks.
CERT said that the four vulnerabilities (CWE-732, CWE-284, CWE-287, and CWE-384) allow attackers to take advantage of incorrectly set call permissions, the ability to establish direct sessions between phones, improper authentication for SIP messages, and a bug that enables attackers to establish multiple sessions with the same phone number.
These vulnerabilities, when exploited, lead to situations where the attackers can spoof any phone number they desire, initiate phone calls on the victim's phone (creating a DoS state or overbilling them), or create direct peer-to-peer connections between two users without being monitored by the carrier, which, in turn, allows for free data communications, number spoofing, or DoS states.
All vulnerabilities can be exploited remotely, and right now, there is no known fix for these problems.