This week, a team of academics detailed a vulnerability in the Voice over LTE (VoLTE) protocol that could be used to break the encryption of 4G voice calls.
With the name ReVoLTE, researchers say that this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower).
Academics say they tested the attack in a real-world scenario and found that several mobile operators are affected and have worked with the GSM Association (GSMA), the organization that controls telephony standards, to solve the problem.
What are LTE, VoLTE and encrypted calls
To understand how the ReVoLTE attack works, ZDNet readers must first know how modern mobile communications work.
Today, the latest version of mobile telephony standards is 4G, also often referred to as Long Term Evolution (LTE).
Voice over LTE (VoLTE) is one of the many protocols that make up the larger LTE / 4G mobile standard. As the name suggests, VoLTE handles voice communication in 4G networks.
By default, the VoLTE standard supports encrypted calls. For each call, the mobile operator must select an encryption key (used by a stream cipher to secure the call). Normally, the resulting keystream should be unique for each call.
How the ReVoLTE attack works
However, a team of academics from Ruhr University Bochum, Germany, has discovered that not all mobile operators follow the 4G standard to the letter.
Researchers say that although mobile operators actually support encrypted voice calls, many calls are encrypted with the same encryption key.
In their research, the academics said that the problem usually manifests at the base station level (mobile cell tower), which in most cases reuses the same keystream or uses predictable algorithms to generate the encryption key for voice calls.
In a real-world scenario, academics say that if an attacker could record a conversation between two 4G users using a vulnerable mobile tower, they could decrypt it at a later time.
All an attacker has to do is call one of the victims and record the conversation. The only catch is that the attacker must make the call through the same vulnerable base station so that their own call is encrypted with the same, or a predictable, encryption key.
“The longer the attacker talked to the victim, the more content of the previous conversation he or she is able to decrypt,” said David Rupprecht, one of the academics.
“For example, if the attacker and the victim spoke for five minutes, the attacker could later decode five minutes from the previous conversation.”
The attacker can compare the two recorded conversations, determine the keystream, and then recover the previous conversation. A demo of a typical ReVoLTE attack is shown in the video embedded below.
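The two-call comparison described above is the classic "two-time pad" failure: ciphertext XOR known plaintext yields the keystream, which then decrypts any other traffic protected by that same keystream, but only for as many bytes as the attacker's own call lasted. The following is an added example, not the research team's code; it uses a SHA-256 counter-mode keystream as a stand-in for the real LTE cipher and constructed byte strings in place of call audio.

```python
"""Toy model of keystream reuse across two VoLTE calls (added example).
SHA-256 in counter mode stands in for the real LTE cipher; the 'call_id'
stands in for the per-call material that a compliant tower must never repeat."""
import hashlib

# Constructed sample "audio" for a recorded victim call.
VICTIM_AUDIO = b"meeting moved to 9am, bring the signed contract"


def keystream(key: bytes, call_id: int, length: int) -> bytes:
    """Keystream = SHA-256(key || call_id || counter) blocks, truncated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + call_id.to_bytes(4, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_call(audio: bytes, key: bytes, call_id: int) -> bytes:
    return xor(audio, keystream(key, call_id, len(audio)))


def recover_keystream(known_audio: bytes, its_ciphertext: bytes) -> bytes:
    """Known plaintext XOR its ciphertext gives exactly the keystream bytes
    that covered the known part, and nothing beyond that length."""
    return xor(known_audio, its_ciphertext)


def decrypt_with_keystream(ciphertext: bytes, ks: bytes) -> bytes:
    """Decrypts only as far as the recovered keystream reaches."""
    return xor(ciphertext[:len(ks)], ks)


def simulate(tower_reuses_keystream: bool) -> bytes:
    """Victim call recorded first; attacker then places a call whose
    content they know. Returns what the attacker recovers of the victim call."""
    base_station_key = b"constructed-16-byte-key!"
    victim_ct = encrypt_call(VICTIM_AUDIO, base_station_key, call_id=1)
    attacker_audio = b"hello, is this the right number?"  # 32 bytes known
    second_id = 1 if tower_reuses_keystream else 2  # compliant tower: fresh id
    attacker_ct = encrypt_call(attacker_audio, base_station_key, second_id)
    ks = recover_keystream(attacker_audio, attacker_ct)
    return decrypt_with_keystream(victim_ct, ks)
```

With reuse, the attacker recovers exactly the first 32 bytes of the victim call, mirroring the "five minutes for five minutes" observation; with a fresh per-call keystream the same steps yield only noise.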
Researchers say the equipment needed to pull off a ReVoLTE attack costs about $7,000. While the price may seem steep, it is certainly within the price range of other 3G/4G mobile eavesdropping tools, usually employed by law enforcement or criminal gangs.
Problem reported to GSMA, patches issued
The research team said it conducted thorough research on how widespread the problem was in real-world implementations of 4G mobile cell towers.
Researchers analyzed a random sample of base stations across Germany and said they found that 80% used the same or a predictable encryption key, exposing users to ReVoLTE attacks.
Academics said they reported the problems to both German mobile operators and the GSMA body in December 2019, and that GSMA issued updates to the implementation of the 4G protocol to manage and prevent ReVoLTE attacks.
“We then tested several random radio cells across Germany and have not detected any problems since,” Rupprecht said today.
App available for mobile phones
But researchers say that although German mobile operators appear to have fixed the problem, other telecoms around the world are likely to be vulnerable.
Therefore, the research team today released an Android app that mobile operators can use to test their 4G networks and base stations and see if they are vulnerable to ReVoLTE attacks. The app has been open-sourced on GitHub.
Details of the ReVoLTE attack can be found on a dedicated website published today by the research team after presenting their work at the 29th USENIX Security conference. A video of the ReVoLTE presentation given by the research team at USENIX is available on this page.
An academic paper describing the ReVoLTE attack can also be downloaded as a PDF here and here. The paper is titled “Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE”.
The research team behind the ReVoLTE attack is the same team that earlier this year discovered the IMP4GT attack on the 4G protocol, a vulnerability that allowed 4G users to impersonate other subscribers and sign up for paid services at another user’s expense.
Today’s ReVoLTE revelation is the latest in a long list of vulnerabilities identified in the 4G/LTE protocol in recent years. Previous findings were also published in March 2019, February 2019, July 2018, June 2018, March 2018, June 2017, July 2016 and October 2015.