Insecurity of voice solution VoLTE in LTE mobile networks

Chi-Yu Li, Guan Hua Tu, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Songwu Lu, Xinbing Wang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Scopus citations

Abstract

VoLTE (Voice-over-LTE) is the designated voice solution to the LTE mobile network, and its worldwide deployment is underway. It reshapes call services from the traditional circuit-switched telecom telephony to the packet-switched Internet VoIP. In this work, we conduct the first study on VoLTE security before its full rollout. We discover several vulnerabilities in both its control-plane and dataplane functions, which can be exploited to disrupt both data and voice in operational networks. In particular, we find that the adversary can easily gain free data access, shut down continuing data access, or subdue an ongoing call, etc. We validate these proof-of-concept attacks using commodity smartphones (rooted and unrooted) in two Tier-1 US mobile carriers. Our analysis reveals that, the problems stem from both the device and the network. The device OS and chipset fail to prohibit non-VoLTE apps from accessing and injecting packets into VoLTE control and data planes. The network infrastructure also lacks proper access control and runtime check.

Original languageEnglish
Title of host publicationCCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages316-327
Number of pages12
ISBN (Electronic)9781450338325
DOIs
StatePublished - 12 Oct 2015
Event22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States
Duration: 12 Oct 201516 Oct 2015

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
Volume2015-October
ISSN (Print)1543-7221

Conference

Conference22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
CountryUnited States
CityDenver
Period12/10/1516/10/15

Keywords

  • Attack
  • Cellular networks
  • Defense
  • LTE
  • VoLTE

Fingerprint Dive into the research topics of 'Insecurity of voice solution VoLTE in LTE mobile networks'. Together they form a unique fingerprint.

  • Cite this

    Li, C-Y., Tu, G. H., Peng, C., Yuan, Z., Li, Y., Lu, S., & Wang, X. (2015). Insecurity of voice solution VoLTE in LTE mobile networks. In CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 316-327). (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 2015-October). Association for Computing Machinery. https://doi.org/10.1145/2810103.2813618