Security Week 34: VoLTE Transcript

An interesting study was presented at the 29th USENIX Security Conference on decrypting mobile calls in the event that a communication protocol is used VoLTE… This relatively recent technology involves the transmission of voice in the form of a data stream in LTE networks. Researchers from Germany and the UAE have discovered a vulnerability in the software for base stations, which allows decrypting data in a very non-trivial way.

The ReVoLTE attack became possible due to an error in the implementation of the voice conversation encryption protocol. If a subscriber makes or receives two calls in a row, a common stream cipher key is used for them. This feature was found in an earlier study, but the new work suggests a practical attack. It looks like this: the attacker intercepts the encrypted data stream, then makes a second call to the victim’s phone – this allows determining the encryption key. Using the received data, the attacker decrypts the contents of the first call.

Sources: news, website research, scientific work in PDF.

The purpose of the second call initiated by the attacker is to create conditions for re-using the key. Both calls must be made within the same data session, and, judging by the data from the scientific study, they must be made when connected to the same base station with an interval of no more than 10 seconds. During the second call, the attacker records its content. It then compares this open data with the intercepted encrypted version of the same call, thereby calculating the key. Since the stream of keys is the same, it becomes possible to decrypt the contents of the first call.

The attack turned out to be beautiful, although not very practical. There are too many conditions for successful deciphering of negotiations, although nothing is impossible here. The moment of a responsible conversation, which needs to be intercepted, needs to be known in advance, then to have time to call the victim back. And most importantly, as in Hollywood stories about telephone terrorists, you need to keep the victim in touch as long as possible. The amount of information that can be overheard will directly depend on the duration of the second call. That is: we talked with the victim for five minutes, deciphered five minutes of secret negotiations. Yes, among other things, the victim must be connected to the vulnerable base station, and the attacker must be nearby to intercept the radio transmission. After testing 15 of the nearby base stations, the researchers found that 12 of them were vulnerable. The possibility of an attack is closed by updating the software on the base station. To check the nearest BS, a mobile application has been posted on the researchers’ website.

What else happened:

Lots of patches. Microsoft closes 120 vulnerabilities, including two critical ones, actively used in real attacks. One of them affects the Internet Explorer browser, the second – the system for validating digital signatures of executable files.

Intel closes a serious vulnerability in the Emulex Pilot 3 controller – it is used for monitoring in a number of motherboards, in single-board modules and server equipment. A problem in the controller firmware allows remote access to the KVM console.

Serious vulnerabilities patched in Adobe Acrobate and Reader. Fixed a bug in browsers based on the Chromium engine that simplifies malicious attacks on users.

But the patch of last year’s serious vulnerability in the software for the vBulletin forums, as it turned out, is possible get around and implement a script for remote execution of arbitrary code without authorization.

Closed vulnerabilities in the feature for finding a lost Samsung phone. A detailed description of the problem is in this presentations at the DEF CON conference. On the topic of vulnerabilities in Samsung smartphones published great research on issues in the proprietary QMage image format handler.