ReVoLTE attack breaks the encryption on VoLTE calls.
Every year, we see a wide variety of attacks targeting different platforms. Some rely on the same old methods, while others use completely new attack vectors never seen before.
Discovering one of the latter, a team of researchers has recently reported a way to bypass the encryption of recorded calls made using the Voice over LTE (VoLTE) protocol.
To put matters into perspective, VoLTE is used by a very large number of people globally and is supported on over 1200 devices.
Dubbed ReVoLTE, the technique exploits a flaw in how cellular network operators implement LTE today, rather than a vulnerability in the VoLTE protocol itself.
The flaw centres on the apparent re-use of keystreams (the pseudorandom bit sequences that are XORed with a message to encrypt it) when two successive calls take place “during one active radio connection” [i.e., while connected to the same base station].
Suppose I make a call that an attacker wants to eavesdrop on. As soon as I end my call, the attacker places a second call to me within seconds. That call is encrypted with the same keystream as my first call, and since the attacker knows the content of their own call, they can recover the keystream from it. Using this newly obtained keystream, they can then decrypt the recording of my first call.
However, all of this requires more than just a simple computer. As the researchers explain in their report [PDF]:
The attack consists of two main phases: the recording phase in which the adversary records the target call of the victim, and the call phase with a subsequent call with the victim. For the first phase, the adversary must be capable of sniffing radio-layer transmissions in downlink direction, which is possible with affordable hardware for less than $1,400.
The second phase requires a Commercial Off-The-Shelf (COTS) phone and knowledge of the victim’s phone number along with his/her current position (i.e., radio cell), said the researchers. An adversary needs to invest less than $7,000 to create a setup with the same functionality and, eventually, the ability to decrypt downlink traffic.
Human factors are also definitely at play: if the victim does not answer the second, attacker-initiated call, the attack will not work.
Additionally, the second call should last at least as long as the initial call; otherwise “sufficient keystream material” will not be generated for the attacker to use. This is perhaps why social engineering is called a critical part of cybersecurity.
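To make the keystream-reuse mechanism and the call-length condition concrete, here is an added Python example that is not part of the article or of the researchers' work. It uses a toy SHA-256 counter-mode keystream as a stand-in for the real LTE radio-layer cipher (an assumption: the real cipher and key derivation differ), and constructed call contents. With the keystream tied to the radio connection rather than the call, the attacker's known call decrypts the victim's recording for exactly the overlapping length; with a fresh keystream per call, nothing meaningful comes out, which is the mitigation operators are expected to deploy.

```python
import hashlib


def keystream(key: bytes, call_id: int, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode over (key, call_id, block counter).

    This is a stand-in for the real LTE cipher (assumption, not the actual
    algorithm); the only property that matters here is that the output is
    fixed for a given (key, call_id) and differs when call_id changes.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block = key + call_id.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one (like a stream cipher)."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(ks: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    if len(plaintext) > len(ks):
        raise ValueError("keystream exhausted")
    return xor_bytes(plaintext, ks)


def recover_from_reuse(victim_ct: bytes, attacker_ct: bytes, attacker_pt: bytes) -> bytes:
    """Two-time-pad recovery.

    Knowing the plaintext and ciphertext of one call encrypted under a reused
    keystream yields that keystream (ct XOR pt); applying it to the victim's
    ciphertext decrypts exactly the overlapping prefix, nothing beyond it.
    """
    recovered_ks = xor_bytes(attacker_ct, attacker_pt)
    return xor_bytes(victim_ct, recovered_ks)


def simulate(rekey_per_call: bool, victim_call: bytes, attacker_call: bytes) -> bytes:
    """Encrypt two successive calls and return what keystream reuse leaks.

    rekey_per_call=False models the flawed deployment (same keystream for both
    calls on one radio connection); True models the fix (fresh keystream per call).
    """
    key = b"constructed-radio-session-key"  # constructed sample key
    ks_victim = keystream(key, 1, 64)
    ks_attacker = keystream(key, 2 if rekey_per_call else 1, 64)
    victim_ct = encrypt(ks_victim, victim_call)
    attacker_ct = encrypt(ks_attacker, attacker_call)
    return recover_from_reuse(victim_ct, attacker_ct, attacker_call)


if __name__ == "__main__":
    # Constructed sample call contents (not real traffic).
    victim = b"Meet me at the station at 9 tonight"
    short_attacker_call = b"Hi, wrong number, sorry"      # shorter than the victim call
    long_attacker_call = b"Hello, sorry, I think I have the wrong number, bye"

    print("reused keystream, short call :", simulate(False, victim, short_attacker_call))
    print("reused keystream, long call  :", simulate(False, victim, long_attacker_call))
    print("fresh keystream per call     :", simulate(True, victim, short_attacker_call))
```

Running it shows that with a reused keystream the short second call exposes only the first 23 bytes of the victim's call (as long as the attacker's call), the longer second call exposes all of it, and with per-call rekeying the output is noise. That is exactly why the article stresses that the second call must be answered and must last at least as long as the first, and why a fresh key per call closes the hole.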
To conclude, it is important to note that the same issue was explored theoretically in a paper published back in 2018 by Muhammad Taqi Raza and Songwu Lu, yet operators did not take heed.
Service providers have now been informed of the vulnerability through the GSMA Coordinated Vulnerability Disclosure (CVD) Programme, and the flaw should by now have been fixed.
Nonetheless, we have good reason to believe that cellular companies in parts of the world where privacy is not given much importance will not have been quick to roll out patches, so it is necessary that the security communities in those countries pressure these firms into doing so.