Call Me Maybe: Eavesdropping Encrypted LTE Calls With REVOLTE

Abstract

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard and deployed by most telecommunication providers in practice. Due to this widespread use, successful attacks against VoLTE can affect a large number of users worldwide. In this work, we introduce REVOLTE, an attack that exploits an LTE implementation flaw to recover the contents of an encrypted VoLTE call, hence enabling an adversary to eavesdrop on phone calls. REVOLTE makes use of a predictable keystream reuse on the radio layer that allows an adversary to decrypt a recorded call with minimal resources. Through a series of preliminary as well as real-world experiments, we successfully demonstrate the feasibility of REVOLTE and analyze various factors that critically influence our attack in commercial networks. For mitigating the REVOLTE attack, we propose and discuss short- and long-term countermeasures deployable by providers and equipment vendors.