Ghost calls from operational 4G call systems: IMS vulnerability, call DoS attack, and countermeasure

Yu Han Lu, Chi Yu Li, Yao Yu Li, Sandy Hsin Yu Hsiao, Tian Xie, Guan Hua Tu, Wei Xun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

IMS (IP Multimedia Subsystem) is an essential framework for providing 4G/5G multimedia services. It has been deployed worldwide to support two call services: VoLTE (Voice over LTE) and VoWi-Fi (Voice over Wi-Fi). VoWi-Fi enables telephony calls over the Wi-Fi network to complement VoLTE. In this work, we uncover that the VoWi-Fi signaling session can be hijacked to maliciously manipulate the IMS call operation. An adversary can easily make ghost calls to launch a stealthy call DoS (Denial of Service) attack against specific cellular users. Only phone numbers, but not any malware or network information, are required from the victims. This sophisticated attack harnesses a design defect of the IMS call state machine, but not simply flooding or a crash trigger. To stealthily detect attackable phones at run time, we exploit a vulnerability of the 4G network infrastructure, call information leakage, which we explore using machine learning. We validate these vulnerabilities in operational 4G networks of 4 top-tier carriers across Asia and North America countries with 7 phone brands. Our result shows that the call DoS attack can prevent the victims from receiving incoming calls up to 99.0% time without user awareness. We finally propose and evaluate recommended solutions.

Original languageEnglish
Title of host publicationProceedings of the 26th Annual International Conference on Mobile Computing and Networking, MobiCom 2020
PublisherAssociation for Computing Machinery
Pages96-109
Number of pages14
ISBN (Electronic)9781450370851
DOIs
StatePublished - 16 Apr 2020
Event26th Annual International Conference on Mobile Computing and Networking, MobiCom 2020 - London, United Kingdom
Duration: 21 Sep 202025 Sep 2020

Publication series

NameProceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM

Conference

Conference26th Annual International Conference on Mobile Computing and Networking, MobiCom 2020
CountryUnited Kingdom
CityLondon
Period21/09/2025/09/20

Keywords

  • Application layer protocols
  • Denial-of-service attacks
  • Mobile and wireless security
  • Networks
  • Security and privacy

Fingerprint Dive into the research topics of 'Ghost calls from operational 4G call systems: IMS vulnerability, call DoS attack, and countermeasure'. Together they form a unique fingerprint.

Cite this