Stories
Slash Boxes
Comments

SoylentNews is people

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

posted by martyb on Tuesday August 25 2020, @05:21PM   Printer-friendly
from the revolte-ing dept.

upstart writes in with an IRC submission:

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls:

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims.

VoLTE or Voice over Long Term Evolution protocol is a standard high-speed wireless communication for mobile phones and data terminals, including Internet of things (IoT) devices and wearables, deploying 4G LTE radio access technology.

The crux of the problem is that most mobile operators often use the same keystream for two subsequent calls within one radio connection to encrypt the voice data between the phone and the same base station, i.e., mobile phone tower.

[...] To initiate this attack, the attacker must be connected to the same base station as the victim and place a downlink sniffer to monitor and record a 'targeted call' made by the victim to someone else that needs to be decrypted later, as part of the first phase of ReVoLTE attack.

Once the victim hangs up the 'targeted call,' the attacker is required to call the victim, usually within 10 seconds immediately, which would force the vulnerable network into initiating a new call between victim and attacker on the same radio connection as used by previous targeted call.

Also at: Threatpost.

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls | Log In/Create an Account | Top | 3 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 2) by rigrig on Tuesday August 25 2020, @06:36PM (2 children)

    by rigrig (5129) Subscriber Badge <soylentnews@tubul.net> on Tuesday August 25 2020, @06:36PM (#1041745) Homepage

    reuse of a predictable keystream is not new and was first pointed out by Raza & Lu, but the ReVoLTE attack turns it into a practical attack.

    That was in 2018, good thing we held off patching this until someone demonstrated it wasn't just a theoretical vulnerability which surely nobody could actually exploit in the field.

    --
    No one remembers the singer.

    • (Score: 1) by hopdevil on Tuesday August 25 2020, @08:25PM (1 child)

      by hopdevil (3356) on Tuesday August 25 2020, @08:25PM (#1041774)

      Sounds like it is working as intended

      • (Score: 2) by driverless on Wednesday August 26 2020, @07:29AM

        by driverless (4770) on Wednesday August 26 2020, @07:29AM (#1042024)

        It is. AES-CTR/AES-GCM is an incredibly brittle stream cipher that's fatally vulnerable to IV reuse, which is what ReVoLTE is exploiting. It was only a matter of time before someone took advantage of this flaw.

(1)