Security News > 2023 > January > Privacy on the line: Boffins break VoLTE phone security

Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations.

Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.

In a paper titled "Watching your call: Breaking VoLTE Privacy in LTE/5G Networks," they describe how they were able to use this metadata to map phone numbers - undetectably - to LTE and 5G-SA anonymized network identifiers.

Network operators give subscribers SIM cards with a unique identifier - referred to as an IMSI under 4G and SUPI under 5G. When subscribers connect to the network, they are assigned temporary identifiers - called Temporary Mobile Subscriber Identity under 3G systems and Globally Unique Temporary Identity on 4G and 5G systems.

Massive telecom outage in Japan kicks 40 million mobile users offline Microsoft pushes ahead adapting Azure for 5G telecoms after swallowing AT&T's Network Cloud Living up to its 'un-carrier' slogan, T-Mobile US stops carrying incoming calls, data in nationwide outage Overbudget and behind schedule, UK's Emergency Services Network reaches 500th base station milestone.

The traffic is then analyzed to obtain the victim's VoLTE logs and is combined with call details available to the attacker to link the phone number to the victim's network identity.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/11/volte_phone_security/