WTH is ReVoLTE? An attack that allows hackers to listen in on calls

Ankush Johar
Aug 26, 2020

Decrypt VoLTE calls with minimal resources.

It’s a new attack that lets hackers decrypt VoLTE encryption to spy on calls!

A small group of academic researchers from Ruhr University Bochum and New York University Abu Dhabi revealed an attack they’ve called ‘ReVoLTE’ that could allow remote hackers to break the VoLTE encryption to spy on targeted calls. The flaw is apparently not in the VoLTE protocol itself, but in how mobile operators have implemented it commercially, in practice.

Have a peek at the demo of the attack:

Now, all this is very well, but …

How do you get to know if you have a tower in the network that is vulnerable to this?

The good folks David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper along with Bedran have an app called Mobile Sentinel that lets you test it. Here’s the link to the GitHub page of the Mobile Sentinel app. Enjoy!

Mobile Sentinel requires a Qualcomm-based Android phone with root access, as it builds upon Qualcomm’s mdlog tool.

How does it work?

ReVoLTE exploits an LTE implementation flaw to recover the contents of an encrypted VoLTE call. This enables an adversary to eavesdrop on VoLTE phone calls. ReVoLTE relies on a predictable keystream reuse, which was discovered by Raza & Lu. That keystream reuse allows an adversary to decrypt a recorded call with minimal resources, and herein lies the risk.
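The keystream reuse described above, as an added example that is not from the original post or from the ReVoLTE researchers: a toy stream cipher (SHA-256 in counter mode, standing in for the real LTE cipher) shows why two messages encrypted under the same keystream protect neither, and a hypothetical `NonceGuard` shows the matching check on the encrypting side. All names, keys and messages are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy generator (SHA-256 in counter mode), a stand-in for the real cipher.
    out = b""
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def recover(c_target: bytes, c_known: bytes, p_known: bytes) -> bytes:
    # With a shared keystream, c_known XOR p_known equals that keystream,
    # so XORing it onto c_target strips the encryption without the key.
    return xor(c_target, xor(c_known, p_known))

class NonceGuard:
    # Mitigation sketch (hypothetical helper): refuse to produce keystream
    # twice for the same (key, nonce) pair.
    def __init__(self):
        self._seen = set()

    def encrypt(self, key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
        tag = hashlib.sha256(key + b"|" + nonce).digest()
        if tag in self._seen:
            raise ValueError("keystream inputs reused; rekey or advance the nonce")
        self._seen.add(tag)
        return encrypt(key, nonce, plaintext)

# Constructed sample data, not captured traffic.
KEY = b"constructed-session-key"
CALL_1 = b"first call: the PIN is 4921, do not share it"
CALL_2 = b"second call: content already known to reader"

def demo(nonce_1: bytes, nonce_2: bytes) -> bytes:
    c1 = encrypt(KEY, nonce_1, CALL_1)
    c2 = encrypt(KEY, nonce_2, CALL_2)
    return recover(c1, c2, CALL_2)

if __name__ == "__main__":
    print(demo(b"n0", b"n0"))  # reused inputs: first message comes back
    print(demo(b"n0", b"n1"))  # fresh inputs: output is unrelated bytes
```
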

Moral of the story: You can buy a Ferrari but you need a worthy driver to make the most of it.
