Recently, the security researchers have detected a new vulnerability this week, and they affirmed that this vulnerability was named as ReVoLTE.
The reason behind this vulnerability was because mobile operators often utilize the similarly encryption key to obtain multiple 4G voice calls that take place through the similarly base station.
This vulnerability holds the weak applications of the LTE mobile network by most telecommunication contributors in usage, enabling an attacker to monitor the encrypted phone calls produced by targeted victims.
But, the security experts have examined the whole flaw in the real-world scenario, and they claimed that they detected several mobile operators are affected. Not only this, but the security experts have worked with the GSM Association (GSMA), the association that administers telephony measures to solve these types of issues.
What Does ReVoLTE exploit?
The most popular and common version of mobile telephony standards is 4G, which is also known as LTE (Long Term Evolution). Voice over LTE (VoLTE) is one of the most desired protocols that make up the bigger LTE/4G mobile standard.
The name, VoLTE itself suggests that manages voice information on 4G networks. The VoLTE supports encrypted calls, and mobile operators must pick an encryption key to ensure the call. Here, the main thing that should be different is the stream cipher; even it should be different for every call as well.
“Researchers explained this attack on the separate ReVoLTE website where the researchers demonstrated the practical feasibility of the ReVoLTE attack by implemented an end-to-end version of the attack within a commercial network (which was vulnerable) and commercial phones.”
“Also researchers use the downlink analyzer Airscope by Software Radio System to sniff the encrypted traffic. Further, we use three Android-based phones which are controlled via ADB and SCAT to obtain the known-plaintext at the attacker’s phone.”
How Does ReVoLTE Attack Works?
The foremost thing that the threat actors should do is to get connected to the same base station that the victim was using. And the attacker should place a downlink sniffer to observe and designate the ‘targeted call’ that are produced by the victim as these calls need to be decrypted.
Once the threat actors are done with the targeted calls, now the attacker will call the victim, after 10 seconds of the designation.
Doing this would force the unprotected network into starting a new call between victim and attacker on the same base station that is used by the previous targeted call.
Now the threat actors make the victim confuse by their words and keep them busy in talking, and all their conversation gets recorded in the plaintext. And that’s why it will help the threat actor later to compute the call.
Attack Demonstration
Moreover, the security experts affirmed that the REVOLTE always aims to collect the encrypted contents of a voice call, and this vulnerability has two attack phases.
The initial one covers the recording of the targeted call before the following keystream call enables to exploit of the keystream and to collect all information that is needed to decrypt the targeted calls. you can read the complete technical research papers here.
App for mobile Telcos
The experts have released an Android app that mobile administrators can apply to examine their 4G networks and base stations, and they can also see if they are exposed to ReVoLTE attacks or not.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read:
Critical Vulnerabilities in Amazon Alexa Let Hackers Steal Personal Data & Remotely Install Skills
Severe Security Vulnerabilities in the Samsung Phones Let Hackers to Launch Remote Attacks
.webp "“Mobile NotPetya”!! Surge in Zero-click Vulnerabilities, Conditions Favour")
.webp "Data Center Ransomware Attacks on Rise: Microsoft SQL Server is Prime Target"){kind=small}
