ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations


Image: Rupprecht et al.

A team of academics this week detailed a vulnerability in the Voice over LTE (VoLTE) protocol that could be used to break the encryption on 4G voice calls.

Named ReVoLTE, the attack is possible, the researchers say, because mobile operators often use the same encryption keys to secure multiple 4G voice calls that take place through the same base station (mobile cell tower).

The academics say they tested the attack in a real-world scenario, found that multiple mobile operators are affected, and have partnered with the GSM Association (GSMA), the organization that governs telephony standards, to fix the problem.

What are LTE, VoLTE and encrypted calls

To understand how the ReVoLTE attack works, readers first need to know how modern mobile communications work.

Today, the latest version of the mobile telephony standard is 4G, also often referred to as Long Term Evolution (LTE).

Voice over LTE (VoLTE) is one of the many protocols that make up the larger LTE / 4G mobile standard. As the name suggests, VoLTE handles voice communications on 4G networks.

By default, the VoLTE standard supports encrypted calls. For each call, the mobile operator has to select an encryption key, which is used with a stream cipher to secure the call. Normally, the resulting keystream should be unique for each call.

How the ReVoLTE attack works

However, a team of academics from Ruhr University Bochum, Germany, has discovered that not all mobile operators follow the 4G standard to the letter.

Researchers say that while mobile operators do indeed support encrypted voice calls, many calls are encrypted using the same encryption key.

In their research, the academics said that the problem usually manifests at the base station (mobile cell tower) level, which, in most cases, reuses the same keystream, or uses predictable inputs to generate the encryption key for voice calls.

In a real-world scenario, the academics say that if an attacker can record a conversation between two 4G users served by a vulnerable base station, they can decrypt it at a later point.

All an attacker has to do is place a call to one of the victims and record the conversation. The only catch is that the attacker has to place the call through the same vulnerable base station, so that their own call is encrypted with the same or a predictable encryption key.

“The longer the attacker [talks] to the victim, the more content of the previous conversation he or she [is] able to decrypt,” said David Rupprecht, one of the academics.

“For example, if attacker and victim spoke for five minutes, the attacker could later decrypt five minutes from the previous conversation.”

The attacker can compare the two recorded conversations, determine the encryption key, and then recover the previous conversation. A demo of a typical ReVoLTE attack is embedded below.
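As an added illustration (not code from the article or from the researchers), the keystream-reuse problem described above, modelled with a constructed stand-in stream cipher: when the same key and inputs are reused across two calls, a second call with known content reveals the first, and only over the length the two calls overlap; with a fresh key per call it does not. `keystream_is_unique` is a simple operator-side sanity check; all names and the cipher construction are assumptions, not the real LTE algorithms.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the LTE stream cipher (not the real EEA algorithm):
# the keystream depends on the per-call key and the (bearer, count) inputs.
def keystream(call_key: bytes, bearer: int, count: int, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        msg = bytes([bearer]) + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(call_key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext: bytes, call_key: bytes, bearer: int, count: int) -> bytes:
    return xor(plaintext, keystream(call_key, bearer, count, len(plaintext)))

def recover_from_reuse(ct_victim: bytes, ct_known: bytes, pt_known: bytes) -> bytes:
    # Under one shared keystream, C1 XOR C2 == P1 XOR P2, so a known plaintext
    # reveals the other. Recovery stops at the shorter call: the "five minutes
    # for five minutes" limit the article describes.
    n = min(len(ct_victim), len(ct_known), len(pt_known))
    return xor(xor(ct_victim[:n], ct_known[:n]), pt_known[:n])

VICTIM_PT = b"victim: the meeting moved to 4pm"   # constructed sample call content
SECOND_PT = b"second call, plaintext known to us"  # constructed, at least as long

def simulate(fresh_key_per_call: bool) -> bytes:
    """Two calls through one base station; what call 2's known content reveals about call 1."""
    master = os.urandom(32)
    key1 = hmac.new(master, b"call-1", hashlib.sha256).digest()
    # Vulnerable station: call 2 gets the same key and the same (bearer, count) as call 1.
    key2 = hmac.new(master, b"call-2", hashlib.sha256).digest() if fresh_key_per_call else key1
    ct1 = encrypt(VICTIM_PT, key1, bearer=5, count=0)
    ct2 = encrypt(SECOND_PT, key2, bearer=5, count=0)
    return recover_from_reuse(ct1, ct2, SECOND_PT)

def keystream_is_unique(call_params, length: int = 32) -> bool:
    """Operator-side check: the keystream prefixes of a batch of calls must all differ."""
    seen = set()
    for call_key, bearer, count in call_params:
        ks = keystream(call_key, bearer, count, length)
        if ks in seen:
            return False
        seen.add(ks)
    return True
```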

Researchers say the equipment needed to carry out a ReVoLTE attack costs about $7,000. While the price may seem steep, it is well within the price range of other 3G/4G mobile interception gear, usually deployed by law enforcement or criminal groups.

Issue reported to the GSMA, patches deployed

The research team said their investigation also looked at how widespread the problem was in real-world deployments of 4G base stations.

The researchers analyzed a random selection of base stations in Germany and said they found that 80% used the same or a predictable encryption key, exposing users to ReVoLTE attacks.

The academics said that in December 2019 they reported the issues to both German mobile operators and the GSMA, and that the GSMA provided updates to the 4G protocol implementation guidance to address and prevent ReVoLTE attacks.

“We then tested several random radio cells throughout Germany and have not detected any problems since then,” Rupprecht said today.

App available for mobile telcos

But the researchers say that while German mobile operators appear to have fixed the problem, other telcos around the world are likely still vulnerable.

That's why the research team today released an Android app that mobile operators can use to test their 4G networks and base stations and see if they are vulnerable to ReVoLTE attacks. The app is open-sourced on GitHub.

Details of the ReVoLTE attack can be found on a dedicated website published by the research team today, after presenting their work at the 29th USENIX Security Symposium. A video of the ReVoLTE presentation given by the research team at USENIX is available on this page.

A scientific paper detailing the ReVoLTE attack can also be downloaded as a PDF from here and here. The paper is entitled “Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE.”

The research team behind the ReVoLTE attack is the same team that earlier this year discovered the IMP4GT attack on the 4G protocol, a vulnerability that allows attackers to impersonate other 4G subscribers and sign up for paid services at another user's expense.

The ReVoLTE disclosure is the latest in a long list of vulnerabilities identified in the 4G/LTE protocol in recent years. Previous findings were also published in March 2019, February 2019, July 2018, June 2018, March 2018, June 2017, July 2016, and October 2015.