Vulnerability in LTE networks allows eavesdropping on other people's phone conversations

For mobile users especiallyit is important to preserve confidentiality, which is ensured by encrypted conversations in LTE (4G) networks. However, security experts from the German Horst Hertz Institute (HGI) at the Ruhr University have identified a flaw in the encryption system, which in some cases allows wiretapping.

The vulnerability was identified in systems usingVoice over LTE standard, which implements the transmission of mobile phone calls in LTE networks that are not made through special voice messaging services.

When two users talk, athe encryption key of the conversation. However, HGI experts have found that the same key can be reused in other conversations. To obtain an identical key suitable for decrypting the conversation, the attacker must call back immediately after the first call ends. In this case, and only when using the same mobile communication towers, criminals will be able to receive the same key as in the previous call.

Also, to decrypt a conversation, the attacker must involve the user in the conversation, since the duration of the decrypted conversation will directly depend on the time of the conversation with the criminal.

As a result of testing randomly selectedtowers, HGI specialists identified vulnerabilities in 80% of cases. Mobile cell manufacturers have been alerted to the problem and the base station software has now been updated. However, experts warn that there may be towers somewhere in the world, communication through which is still subject to the identified vulnerability.

Source: techxplore