A group of researchers from the Ruhr University in Bochum (Germany) introduced the Revolte attack technique, which allows intercepting encrypted voice calls on mobile networks 4G / LTE used to transmit voice traffic with VoLTE (Voice over the LTE) technology.
To prevent telephone calls from being intercepted in VoLTE, the channel between the customer and the operator is encrypted based on a stream encryption.
The specification prescribes the generation of a single key stream for each session, but as the researchers revealed, 12 of the 15 tested base stations do not meet this condition and reuse the same key stream for two consecutive calls on the same radio channel or use predictable methods to generate a new sequence.
Keystream reuse allows an attacker to decrypt the traffic of recorded encrypted conversations. To decrypt the content of a voice call, the attacker first intercepts and stores encrypted radio traffic between the victim and the vulnerable base station.
After the call is finished, the attacker calls the victim back and tries to continue the conversation as long as possible, preventing the victim from hanging up. During this conversation, in addition to recording the encrypted radio traffic, the original unencrypted audio signal is also stored.
Voice over LTE (VoLTE) is a packet-based telephony service perfectly integrated into the Long Term Evolution (LTE) standard. Today, all major telecom operators use VoLTE. To secure phone calls, VoLTE encrypts voice data between the phone and the network with stream encryption. Stream encryption will generate a unique key stream for each call to avoid the problem of key stream reuse.
Introducing ReVoLTE, an attack that takes advantage of an LTE implementation flaw to recover the content of an encrypted VoLTE call.
This allows an adversary to eavesdrop on VoLTE phone calls. ReVoLTE makes use of predictable keystream reuse, which was discovered by Raza & Lu. Finally, the reuse of the key stream allows an adversary to decrypt a recorded call with minimal resources.
To decrypt the victim's first call, the attacker, based on the encrypted traffic intercepted during the second call and the original voice data recorded on the attacker's phone, can calculate the value of the key stream, which is determined by the operation XOR between open and encrypted data.
Since the key stream is reused, by applying the key stream calculated for the second call to the encrypted data from the first call, the attacker can gain access to its original content. The longer the second conversation between the attacker and the victim lasted, the more information from the first call can be decoded. For example, if the attacker managed to stretch the conversation for 5 minutes, then he will be able to crack 5 minutes.
To capture over-the-air encrypted traffic from LTE networks, the researchers used the AirScope signal analyzer and to obtain the original voice stream during the attacker's call, they used Android smartphones controlled via ADB and SCAT.
The cost of the equipment needed to carry out the attack is estimated at $ 7,000.
Base station manufacturers were notified of the problem last December and most have already released patches to correct the vulnerability. However, some operators may have ignored the updates.
To check the susceptibility to the problem of LTE and 5G networks, a special mobile application has been prepared for the Android 9 platform (for its operation, you need root access and a smartphone on Qualcomm chips, such as Xiaomi Mi A3, One Plus 6T and Xiaomi Mix 3 5G).
In addition to determining the presence of a vulnerability, the application can also be used to capture traffic and view service messages. Captured traffic is saved in PCAP format and can be sent to a user-specified HTTP server for more detailed analysis with typical tools.
Source: https://revolte-attack.net/
Thanks for sharing this information.