Privacy on the line: Boffins break VoLTE phone security


Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations.

Voice over LTE (VoLTE) is a packet-based telephony service that’s part of the LTE standard and is widely used by major telecom providers. It’s similar to Voice over New Radio (VoNR), a 5G flavor of the technology.

VoLTE/VoNR – or just VoLTE for the sake of avoiding alphanumeric jumbles – encrypts voice data sent between phone and network using a stream cipher. Three years ago, it was shown to be vulnerable to a reused key attack. This allowed researchers to develop the ReVoLTE attack, which exposes encrypted LTE calls. Various other explorations have demonstrated that the data exchanged between phones and cell towers continues to be poorly protected at both the physical layer and the data layer.

Read more…