A team of researchers (David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper) presented a new attack, which is called ‘ReVoLTE’. The attack might allow remote hackers to break the encrypted connection between targeted phone calls.
What is VoLTE?
VoLTE stands for Voice over Long Term Evolution, which is standard wireless high-speed communication. Its main purpose is to provide high-quality voice communication to LTE networks. All big telecommunication companies use VoLTE to secure the phone calls. What VoLTE is responsible for is encrypting the voice data between the phone and the network with a stream cipher. The stream cipher generates a unique keystream in return and prevents the keystream reuse.
The ReVoLTE attack
The problem arises when mobile operators use the same keystream for two phone calls within the same radio connection. Basically, the reuse of the same keystream by base stations allows hackers to perform ReVoLTE attack and to decrypt the content of VoLTE calls.
The scenario of the ReVoLTE attack
To perform the attack successfully, the hacker must be fully prepared. He needs to be connected to the same base station as the victim, place a downlink sniffer to the monitor and record the call made by the victim.
The second part of the attack starts when the victim hangs up. The hacker calls the victim back immediately and initiates the calls with a duration equal to the ‘targeted call’. The duration is important due to the full ‘targeted call’ content recovery, otherwise, only separate parts of the conversation will be recovered. Why does the hacker call the victim back immediately?- So he would be connected to the same radio station as the ‘targeted call’.
How to make safe calls over the Internet?
The above-mentioned research demonstrates the imperfection and the possibility of LTE networks’ bad implementation. The ReVoLTE attack shows that it is possible to hack and to decrypt the voice data.
It is worth mentioning that you can also make VoIP calls (voice calls over the Internet). By choosing proven and trusted solutions, VoIP provides more secure calls than landline telephony. Encryption of all of your internet connection means your VoIP calls are protected from data retention. Other than that, your speed connection won’t be slowed down, so you will experience smooth and uninterrupted calls.