Security gap allows eavesdropping on mobile phone calls

August 12, 2020

Calls via the LTE mobile network, also known as 4G, are encrypted and should therefore be tap-proof. However, researchers from the Horst Görtz Institute for IT Security (HGI) at Ruhr-Universität Bochum have shown that this is not always the case. They were able to decrypt the contents of telephone calls if they were in the same radio cell as their target, whose mobile phone they then called immediately following the call they wanted to intercept. They exploit a flaw that some manufacturers had made in implementing the base stations.

The results were published by the HGI team David Rupprecht, Dr. Katharina Kohls, and Professor Thorsten Holz from the Chair of Systems Security together with Professor Christina Pöpper from the New York University Abu Dhabi at the 29th Usenix Security Symposium, which takes place as an online conference from 12 to 14 August 2020. The relevant providers and manufacturers were contacted prior to the publication; by now the vulnerability should be fixed.

Reusing keys results in security gap

The vulnerability affects Voice over LTE, the telephone standard used for almost all mobile phone calls if they are not made via special messenger services. When two people call each other, a key is generated to encrypt the conversation. "The problem was that the same key was also reused for other calls," says David Rupprecht. Accordingly, if an attacker called one of the two people shortly after their conversation and recorded the encrypted traffic from the same cell, he or she would get the same key that secured the previous conversation.

"The attacker has to engage the victim in a conversation," explains David Rupprecht. "The longer the attacker talked to the victim, the more content of the previous conversation he or she was able to decrypt." For example, if attacker and victim spoke for five minutes, the attacker could later decode five minutes of the previous conversation.

Identifying relevant base stations via app

In order to determine how widespread the security gap was, the IT experts tested a number of randomly selected radio cells across Germany. The security gap affected 80 per cent of the analysed radio cells. By now, the manufacturers and mobile phone providers have updated the software of the base stations to fix the problem. David Rupprecht gives the all-clear: "We then tested several random radio cells all over Germany and haven't detected any problems since then," he says. Still, it can't be ruled out that there are radio cells somewhere in the world where the vulnerability occurs.

In order to track them down, the Bochum-based group has developed an app for Android devices. Tech-savvy volunteers can use it to help search worldwide for radio cells that still contain the security gap and report them to the HGI team. The researchers forward the information to the worldwide association of all mobile network operators, GSMA, which ensures that the base stations are updated. Additional information is available on the website

"Voice over LTE has been in use for six years," says David Rupprecht. "We're unable to verify whether attackers have exploited the security gap in the past." He is campaigning for the new mobile phone standard to be modified so that the same problem can't occur again when 5G base stations are set up.

Ruhr-University Bochum

Related Mobile Phone Articles from Brightsurf:

Swirl power: how gentle body movement will charge your mobile phone
Scientists have discovered a way to generate electricity from nylon - the stretchy fabric used widely in sportswear and other shape-hugging apparel - raising hopes that the clothes on our backs will become an important source of energy.

Association of mobile phone location data indications of travel, stay-at-home mandates with COVID-19 infection rates in US
Anonymous mobile phone location data were used to examine travel and home dwelling time patterns before and after enactment of stay-at-home orders in US states to examine associations between changes in mobility and the COVID-19 curve.

Security gap allows eavesdropping on mobile phone calls
Calls via the LTE mobile network, also known as 4G, are encrypted and should therefore be tap-proof.

Some mobile phone apps may contain hidden behaviors that users never see
A team of cybersecurity researchers has discovered that a large number of cell phone applications contain hardcoded secrets allowing others to access private data or block content provided by users.

How secure are four and six-digit mobile phone PINs?
A German-American team of IT security researchers has investigated how users choose the PIN for their mobile phones and how they can be convinced to use a more secure number combination.

World's smelliest fruit could charge your mobile phone
Pungent produce packs an electrical punch. New method using world's 'most repulsive smelling fruit' could 'substantially reduce' the cost of energy storage.

LTE vulnerability: Attackers can impersonate other mobile phone users
Exploiting a vulnerability in the mobile communication standard LTE, also known as 4G, researchers at Ruhr-Universit├Ąt Bochum can impersonate mobile phone users.

A photo taken with a mobile phone to detect frauds in rice labelling
Including plastic that is undetectable by the consumer or distorting the quality of the product are some of the frauds facing the third most consumed cereal in the world: rice.

Mapping disease outbreaks in urban settings using mobile phone data
A new EPFL and MIT study into the interplay between mobility and the 2013 and 2014 dengue outbreaks in Singapore has uncovered a legal void around access to mobile phone data -- information that can prove vital in preventing the spread of infectious diseases.

Mobile phone data reveals non-market value of coastal tourism under climate change
Big data application is an emerging field in climate change adaptation.

Read More: Mobile Phone News and Mobile Phone Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to