ReVoLTE is a new attack that could allow remote attackers to break the encryption used by VoLTE voice calls, and spy on targeted phone calls.
The ReVoLTE attack was uncovered by a team of academics from Ruhr University Bochum, who posited that the attack doesn't actually exploit any known flaw in the Voice over LTE (VoLTE) protocol; rather, ReVoLTE leverages a weak implementation of the LTE mobile network by most providers, allowing an attacker to eavesdrop on encrypted phone calls.
Voice over LTE (VoLTE) is a packet-based telephony service that is seamlessly integrated into the Long Term Evolution (LTE) standard deployed by most telecommunication providers.
How the ReVoLTE attack exploits vulnerable base stations
The issue with these base stations is that mobile operators most often use the same keystream for subsequent calls within a radio connection to encrypt the voice data from the phone to the mobile phone tower (base station).
The ReVoLTE attack exploits this reuse of the same keystream, allowing attackers to decrypt the contents of VoLTE-powered voice calls.
However, for this to be possible, the attacker must be connected to the same base station as the victim, with a downlink sniffer placed to monitor and record a 'targeted call' made by the victim so that it can be decrypted later. This is the initial phase of the attack.
Additionally, the attacker must call the victim immediately, within 10 seconds, to force the vulnerable base station into initializing a new call between the victim and the attacker on the same connection as used by the previous targeted call.
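Why reusing one keystream for two calls on the same radio connection exposes the earlier call, and why a fresh keystream per call closes the gap, shown as an added example that is not from the original article or the researchers. The keystream generator is a toy SHA-256 counter construction standing in for the LTE cipher; `call_id`, the key and the payloads are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, call_id: int, length: int) -> bytes:
    # Toy generator (SHA-256 in counter mode); a stand-in, not the LTE cipher.
    out, block = b"", 0
    while len(out) < length:
        seed = key + call_id.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result has the shorter length.
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_call(key: bytes, call_id: int, voice: bytes) -> bytes:
    return xor(voice, keystream(key, call_id, len(voice)))

def recover_first_call(ct_first: bytes, ct_second: bytes, known_second: bytes) -> bytes:
    # Ciphertext XOR known plaintext yields the second call's keystream.
    # It decrypts the first call only if both calls used the same keystream.
    return xor(ct_first, xor(ct_second, known_second))

def first_call_exposed(reuse_keystream: bool) -> bool:
    key = b"constructed-radio-connection-key"          # constructed sample value
    first = b"first call: constructed voice payload"   # constructed sample value
    second = b"second call: constructed payload known to both ends"
    second_id = 0 if reuse_keystream else 1            # fix: fresh input per call
    ct_first = encrypt_call(key, 0, first)
    ct_second = encrypt_call(key, second_id, second)
    return recover_first_call(ct_first, ct_second, second) == first

if __name__ == "__main__":
    print("keystream reused :", first_call_exposed(True))
    print("fresh keystream  :", first_call_exposed(False))
```
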
How to Detect the ReVoLTE Attack
The researchers tested a number of randomly selected radio cells across Germany to determine the scope of the issue and discovered that 12 out of 15 base stations in Germany are affected.
They promptly notified the affected base station operators about the ReVoLTE attack via the GSMA Coordinated Vulnerability Disclosure Programme in December 2019, and the operators had all managed to deploy the patches by the time of publication.
However, since the issue may also affect a large number of providers worldwide, the researchers released an app called 'Mobile Sentinel' that can be used to detect whether a 4G network and its base stations are vulnerable to the ReVoLTE attack.