New Attack Lets Hackers Break VoLTE Encryption and Spy on Phone Calls



A team of academic researchers, who previously made headlines earlier this year for uncovering severe security issues in 4G LTE and 5G networks, today presented a new attack called 'ReVoLTE' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

The attack does not exploit any flaw in the Voice over LTE (VoLTE) protocol itself; instead, it leverages weak implementations of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on encrypted phone calls made by targeted victims.

VoLTE, or Voice over Long Term Evolution, is a standard for high-speed wireless communication for mobile phones and data terminals, including Internet of Things (IoT) devices and wearables, built on 4G LTE radio access technology.


The crux of the problem is that many mobile operators reuse the same keystream for two subsequent calls within one radio connection to encrypt the voice data between the phone and the same base station, i.e., the mobile phone tower. Because the encryption is a stream cipher, XOR-ing two ciphertexts produced with the same keystream cancels the keystream out, so knowing the plaintext of one call reveals the other.

Thus, the new ReVoLTE attack exploits the reuse of the same keystream by vulnerable base stations, allowing attackers to decrypt the contents of VoLTE-powered voice calls in the following scenario.

Keystream reuse of this kind is not new and was first pointed out by Raza & Lu, but ReVoLTE turns it into a practical attack against commercial networks.

How Does the ReVoLTE Attack Work?

To initiate the attack, the attacker must be connected to the same base station as the victim and place a downlink sniffer to monitor and record a 'target call' made by the victim to someone else, which is to be decrypted later. This is the first phase of the ReVoLTE attack.

Once the victim hangs up the target call, the attacker must call the victim, usually within about 10 seconds, which forces the vulnerable network to set up the new call between victim and attacker on the same radio connection, and therefore with the same user-plane key, as the previous target call.

"The keystream reuse occurs when the target and keystream call use the same user-plane encryption key. As this key is updated for every new radio connection, the attacker must make sure that the first packet of the keystream call arrives within the active phase after the target call," the researchers said.

Once connected, in the second phase, the attacker needs to keep the victim in a conversation and record it in plaintext (this second call is the 'keystream call'). Since the attacker knows both the plaintext and the sniffed ciphertext of this call, XOR-ing them recovers the keystream, which is the same keystream that encrypted the target call.

According to the researchers, XOR-ing the recovered keystream with the corresponding encrypted frames of the target call captured in the first phase decrypts its content, allowing attackers to listen to the conversation the victim had in the previous phone call.

"As this results in the same keystream, all RTP data is encrypted in the same way as the voice data of the target call. As soon as a sufficient amount of keystream data was generated, the adversary cancels the call," the paper reads.

However, the keystream call needs to be at least as long as the target call in order to decrypt every frame; otherwise only a part of the conversation can be decrypted.

"It is important to note that the attacker has to engage the victim in a longer conversation. The longer he/she talked to the victim, the more content of the previous communication he/she can decrypt," the paper reads.

"Each frame is associated with a count and encrypted with an individual keystream that we extract during the keystream computation. As the same count generates the same keystream, the count synchronizes the keystreams with encrypted frames of the target call. XOR-ing the keystreams with the corresponding encrypted frame decrypts the target call."

"As we aim to decrypt the whole call, the keystream call must be as long as the target call to provide a sufficient number of packets, as otherwise we can only decrypt a part of the conversation."
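The two phases above, and the keystream-reuse problem described earlier, reduce to a few XOR operations once the frames are lined up by their count. The following Python model is an added example written for this page; it is not the researchers' code and does not implement the real LTE cipher. The per-frame keystream generator is a stand-in (HMAC-SHA256 keyed on a constructed key, with the frame count as input), and the RTP payloads are constructed sample bytes. What it does reproduce faithfully is the structure of the attack: the same key and count yield the same keystream, the attacker recovers it from his own call, and the target call decrypts only as far as the keystream call reaches.

```python
"""
Toy model of the ReVoLTE keystream-reuse attack (added example, not the
researchers' code). The keystream generator is a placeholder, not the
real LTE user-plane cipher; everything else mirrors the attack flow.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

Frame = Tuple[int, bytes]  # (count, encrypted RTP payload)


def keystream(key: bytes, count: int, length: int) -> bytes:
    """Stand-in per-frame keystream: deterministic in (key, count).
    Assumption: like the real bearer cipher, the same key and count always
    produce the same bytes; that property is all the attack needs."""
    out = b""
    block = 0
    while len(out) < length:
        msg = count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR up to the shorter input; a short keystream decrypts only a prefix."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_call(key: bytes, payloads: List[bytes]) -> List[Frame]:
    """Encrypt one call's payloads. On a vulnerable base station the count
    restarts at 0 for the next call on the same radio connection while the
    key stays the same, which is exactly the reuse ReVoLTE exploits."""
    return [(n, xor(p, keystream(key, n, len(p)))) for n, p in enumerate(payloads)]


def recover_keystreams(keystream_call_ct: List[Frame],
                       keystream_call_pt: List[bytes]) -> Dict[int, bytes]:
    """Phase two: the attacker knows the plaintext of his own call and has
    sniffed its ciphertext, so ciphertext XOR plaintext yields the keystream
    for every count the keystream call covered."""
    return {n: xor(ct, pt) for (n, ct), pt in zip(keystream_call_ct, keystream_call_pt)}


def decrypt_target(target_ct: List[Frame],
                   ks: Dict[int, bytes]) -> List[Optional[bytes]]:
    """Phase one ciphertext XOR recovered keystream, synchronised on the count.
    A frame with no recovered keystream (keystream call too short) stays None;
    a frame whose keystream is shorter than the ciphertext is only partly decrypted."""
    return [None if ks.get(n) is None else xor(ct, ks[n]) for n, ct in target_ct]


def run_attack(target_key: bytes, keystream_key: bytes,
               target_pt: List[bytes], attacker_pt: List[bytes]) -> List[Optional[bytes]]:
    """End-to-end: sniff the target call, place the keystream call, recover, decrypt.
    Passing two different keys models a base station that rekeys between calls;
    the recovered 'keystream' is then wrong and the output is garbage."""
    target_ct = encrypt_call(target_key, target_pt)        # sniffed in phase one
    attacker_ct = encrypt_call(keystream_key, attacker_pt)  # sniffed in phase two
    ks = recover_keystreams(attacker_ct, attacker_pt)       # plaintext is the attacker's own
    return decrypt_target(target_ct, ks)


# Constructed sample data for a stand-alone run (not captured traffic).
SAMPLE_KEY = bytes(range(16))
TARGET_CALL = [b"hello", b"secret call", b"bye"]
ATTACKER_CALL = [b"attacker", b"talking long", b"enough now"]

if __name__ == "__main__":
    print("key reused :", run_attack(SAMPLE_KEY, SAMPLE_KEY, TARGET_CALL, ATTACKER_CALL))
    print("short call :", run_attack(SAMPLE_KEY, SAMPLE_KEY, TARGET_CALL, ATTACKER_CALL[:2]))
    print("rekeyed    :", run_attack(SAMPLE_KEY, b"\x01" * 16, TARGET_CALL, ATTACKER_CALL))
```

The three runs in the `__main__` block correspond to the three situations the article describes: full recovery when the key is reused and the keystream call is long enough, partial recovery (trailing frames stay `None`) when the attacker hangs up early, and no recovery at all when the base station derives a fresh key for the second call, which is the fix the operators deployed.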

Detecting the ReVoLTE Attack and Demonstration

To demonstrate the practical feasibility of the ReVoLTE attack, the team of academics from Ruhr University Bochum implemented an end-to-end version of the attack against a commercial, vulnerable network using commercial phones.

The team used the downlink analyzer Airscope by Software Radio Systems to sniff the encrypted traffic and three Android-based phones to obtain the known plaintext on the attacker's phone. It then compared the two recorded conversations, derived the keystream, and finally decrypted a portion of the previous call.

You can watch the demo video of the ReVoLTE attack, which, according to the researchers, could cost attackers less than $7000 in equipment to set up and, ultimately, decrypt downlink traffic.

The team tested a number of randomly selected radio cells across Germany to determine the scope of the issue and found that it affects 12 out of 15 base stations in Germany, but the researchers said the security gap also affects other countries.

The researchers notified the affected German base station operators about the ReVoLTE attack through the GSMA Coordinated Vulnerability Disclosure Programme in early December 2019, and the operators had deployed patches by the time of publication.

Since the issue also affects a large number of providers worldwide, the researchers released an open source Android app, called 'Mobile Sentinel,' that you can use to check whether your 4G network and base stations are vulnerable to the ReVoLTE attack.

The researchers, David Rupprecht, Katharina Kohls and Thorsten Holz of Ruhr University Bochum and Christina Pöpper of NYU Abu Dhabi, have also released a dedicated website and a research paper PDF, titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With REVOLTE," detailing the ReVoLTE attack, where you can find more details.
