
A fault in the 4G network allows calls to be listened to nearby

German researchers have spotted a flaw in the 4G LTE network that makes it possible to listen to calls made in the same network cell. The fix is being rolled out, but the research team is making an Android app available to spot the remaining vulnerable cells.

The phone calls we make over the LTE network, also known as 4G, are all encrypted. In theory, it should therefore be almost impossible for an average user, without access to operator resources, to listen to these conversations. But a German study (available here) by researchers from the Horst Görtz Institute at Ruhr-Universität Bochum proved that this was not always the case. They managed to decrypt and then listen to various telephone conversations of users. Here is a live demonstration.

This vulnerability affects VoLTE (Voice over LTE), the main standard used for traditional telephone calls on LTE cellular networks, excluding specialized messaging services. To encrypt its users' conversations, the network generates and assigns a security key to the user. So far, nothing alarming ... except that this key can be reused for other calls. This means that a particularly cunning hacker can use this key to break the encryption of a communication. To do this, the attacker only needs to be in the same cell of the 4G network (cells measure from a few tens to several hundred meters). He can then call one of the two participants in the target conversation to get the key to the previous conversation. “The attacker must strike up a conversation with his victim,” explains David Rupprecht, head of the research team behind this discovery. “The longer the attacker speaks to his victim, the more he can decipher the content of the conversation.”
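The article speaks of a reused key; in stream encryption the practical consequence is a repeated keystream. The following is an added illustration, not code from the article or the research team, of why that repetition must never happen and why a fresh per-call input removes the leak. The toy cipher (SHA-256 in counter mode), the `call_id` parameter and the sample messages are assumptions constructed for the demonstration and are not the LTE cipher.

```python
import hashlib

def keystream(key: bytes, call_id: int, length: int) -> bytes:
    """Toy stream cipher (assumption: SHA-256 in counter mode, not the LTE cipher)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + call_id.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result is bounded by it.
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, call_id: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, call_id, len(plaintext)))

def exposed_by_second_call(first_ct: bytes, second_ct: bytes, second_pt: bytes) -> bytes:
    """What a party who knows the second call's content learns about the first call."""
    second_keystream = xor(second_ct, second_pt)
    return xor(first_ct, second_keystream)

# Constructed sample data, not real call content.
KEY = b"constructed-demo-key"
CALL_1 = b"constructed sample: first call, private audio frames"
CALL_2 = b"constructed sample: short follow-up"

def demo(reuse: bool) -> bytes:
    """reuse=True models the flaw; reuse=False models a fresh per-call input."""
    ct1 = encrypt(KEY, 1, CALL_1)
    ct2 = encrypt(KEY, 1 if reuse else 2, CALL_2)
    return exposed_by_second_call(ct1, ct2, CALL_2)

if __name__ == "__main__":
    leaked = demo(reuse=True)
    print("reused keystream exposes:", leaked)
    print("bytes exposed:", len(leaked), "of", len(CALL_1))
    print("fresh keystream exposes plaintext:", demo(reuse=False) == CALL_1[:len(CALL_2)])
```

With reuse, the exposed portion is exactly as long as the second call, which matches the researcher's remark that a longer conversation reveals more.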

© HGI / Ruhr University Bochum – David Rupprecht et al.

A major flaw being corrected

To estimate the extent of the damage associated with this flaw, the researchers analyzed a large number of randomly selected cells across Germany. The results are quite worrying, since nearly 80% of them were vulnerable to this attack, called ReVoLTE. This is therefore a gaping flaw in this extremely widespread protocol. Far from being anecdotal, it represents a very concrete risk in terms of confidentiality. For this reason, the research team immediately shared their findings with operators and manufacturers before publishing their paper, to minimize risk. Ideally, many of these vulnerabilities should therefore already be repaired. On the other hand, we can expect that not all of them have yet had the time (or the goodwill) needed to tackle it.

A mobile application to test your network

But the researchers anticipated this possibility and developed an Android application specially designed for this purpose. Installing it is enough to check whether a cell is vulnerable to the ReVoLTE attack. If necessary, the details of the cell concerned will be sent directly to the GSMA, a consortium that brings together 800 of the largest operators in the world. The more hacker-minded among you will find the application on the team's GitHub page.
