Talking on the mobile is something that, throughout the week, we can do several times. Normally we use the coverage of our line to call. However, for some time we can use 4G calls, also known as VoLTE calls.
The main problem with this is that they have discovered that they are not as Private as they imagined from the beginning. So the security of VoLTE calls are now in question. And all because they have managed to come up with a 4G network attack with which you can expose the metadata of the VoLTE calls that are made.
VoLTE calls and your privacy
From the beginning, the idea has been expressed that VolTE calls, which provide VoIP connectivity (technology with which you can make voice calls over the mobile network) in a reliable and secure way, were far from having privacy concerns. Instead, different researchers from China and the United Kingdom have developed a particular attack for 4G networks with which get call metadata during conversations that are made through VoLTE.
It must be clear that VoLTE encrypts voice data that are sent between the mobile and the 4G network, in this case using stream encryption. However, with this new discovery, it is possible to completely break the security of calls using 4G networks. Although, it has not been the only time in which it has been possible to discover some other vulnerability of this technology.
If we look back, approximately 3 years, we can see how it was also shown to be vulnerable after a reused key attack. Hence, researchers began to know the LTE call spying encrypted with ReVoLTE. But, the thing does not end there.
4G call metadata
This group of researchers from China and the United Kingdom have managed to find a particular way to access the metadata of VoLTE calls which, supposedly, were encrypted. So now we know that the security of this technology was not as good as we thought. Specifically, they have been able to find out the VoLTE activity records offered by information about call times, that is, the duration. Or, also, if it was an incoming or outgoing call.
Luckily, there are different systems that ensure anonymity for users, such as TMSI (Temporary Mobile Subscriber Identity), GUTI (Globally Unique Temporary Identity) and SUCI (Hidden Subscription Identifier). In this way, no matter how Anyone can intercept this data Specifically, 4G calls, the truth is that they cannot be associated with a particular SIM card or user.
The problem appears when any attacker is allowed to make inferences about the network interaction. Even though messages cannot be read due to encryption, they can get to know the duration and if it is an incoming or outgoing call and all because”the unencrypted MAC subheader in our mobile repeater, the attacker can learn the Logical Channel ID (LCID) of the sub-PDU (Protocol Data Unit)“, as the researchers say.
