Sign In

Communications of the ACM

ACM TechNews

Security Gap Allows Eavesdropping on Mobile Phone Calls


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
man holding mobile phone to ear

Calls made using Voice over LTE were vulnerable, researchers found.

Credit: RUB

Researchers from Ruhr-Universitat Bochum (RUB) in Germany and New York University Abu Dhabi in the U.A.E. eavesdropped on cellphone calls by exploiting a security flaw in basestation implementations. The bug impacts the Voice over LTE (4G) standard used for nearly all cellphone calls not made through special messenger services.

To exploit the flaw, a hacker who called one of two people shortly after their conversation, and recorded the encrypted traffic from the same cell, would receive the same key that shielded the previous conversation. Tests of randomly chosen radio cells in Germany revealed that the vulnerability affected 80% of the cells. Manufacturers and phone providers subsequently updated the basestations' software to patch the bug.

The RUB team developed an application for Android devices to track down still-vulnerable radio cells, and report the information to the Global System for Mobile Communications Association.

From Ruhr-University Bochum
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found