By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    CryptoLocker is Bad News
    8 months ago
    Debunking the myths of malware and antivirus programs
    8 months ago
    Security Week 38: Cisco routers under attack, bug in AirDrop, CoinVault cryptohawkers aressted
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    2 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    2 days ago
    Safeguards against firmware signed with stolen MSI keys
    4 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    4 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro 4 teardown: Get a closer look at the components
    8 months ago
    How to reset Windows Update components on Windows 10
    8 months ago
    Windows 11 build 22610 with new changes in Dev and Beta Channels
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Dynamic data collection with Zaraz Worker Variables
    Dynamic data collection with Zaraz Worker Variables
    1 day ago
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    2 days ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    2 days ago
    What is two-factor authentication | Kaspersky official blog
    5 days ago
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    1 week ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to clear and disable activity history on Windows 11
    3 months ago
    How to change new Outlook app theme on Windows 11
    2 months ago
    How to enable Hibernate on Windows 11
    1 month ago
    Latest News
    How to add CPU, GPU, RAM widgets on Windows 11
    2 days ago
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    5 days ago
    How to enable Taskbar End Task option to close apps on Windows 11
    5 days ago
    How to check USB4 devices specs from Settings on Windows 11
    5 days ago
  • Glossary
  • My Bookmarks
Reading: Something’s wrong with VoLTE
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Something’s wrong with VoLTE

Vitus White
Last updated: 13 October
Vitus White 8 months ago
Share
8 Min Read

While communication technology providers are seeking consensus over the future of 5G networks, carriers are wasting no time in rolling out new technologies available for the current 4G networks. Voice over LTE or simply VoLTE is one of these technologies. VoLTE allows transmitting voice calls over data layers.

Something's wrong with VoLTE

What exactly does that mean? Well, let us explain some technical details. Today’s cellular networks employ three ‘planes’: data, voice and control. We typically use the data plane for mobile Internet, and the voice plane for voice calls. The third plane, to put it simply, is used to manage everything what happens on the other two planes.

Traditional cellular networks handle voice calls through dedicated circuits. However, the 4G technology allows for the prioritization and transmission of voice traffic as packets with higher priority via the data plane. That is essentially VoLTE. The control plane packets have the highest priority. In essence, VoLTE is a sort of IP telephony (VoIP) adapted for use over cellular networks.

VoLTE brings a handful of benefits. First, ubiquitous VoLTE deployment will render existing 2G/3G infrastructures impractical and thus not necessary to support, since VoLTE won’t require a separate infrastructure to handle voice calls. Secondly, VoLTE offers higher bandwidth compared to 3G in boosting the voice quality.

4G is just beginning to become the norm, so why do we need 5G? – http://t.co/vP3wDv1X8s pic.twitter.com/t9ZR5neEcN

— Kaspersky Lab (@kaspersky) July 3, 2015

The third benefit is that VoLTE can be used for video conferencing. Last but not least, mobile carriers claim VoLTE offers better call privacy and faster connection. All in all, it looks like VoLTE has a number of critical benefits with no particular drawbacks. At least upon first impression.

As it usually happens, every breakthrough technology has its growing pains. Researchers from the University of California, in joint effort with their colleagues of Shanghai Jiao Tong University and the Ohio State University, demonstrated practical attacks on VoLTE in two US Tier-1 carriers’ networks.

Researchers discover new attacks amid VoLTE rollout https://t.co/WDoE6Aitai pic.twitter.com/WU3tm7tptO

— The Verge (@verge) October 22, 2015

The researchers managed to demonstrate how a criminal can drop all of the victim’s calls, or to increase the amount of charges on the victim’s cellular bill, or vice versa to gain free mobile data access. The interesting thing is that criminals don’t need to hack networks to achieve their goals, or use expensive equipment to carry out the attacks. All they need is an unrooted or rooted smartphone.

The researchers’ key finding is that one can fool VoLTE and send ordinary data packets masqueraded as ‘the high priority’ signal or voice packets

This means that a potential attacker can have carte blanche. Signal packets are not charged for, so once you use this ‘wrapper’ for ordinary data packets, you can be freed from a responsibility of paying for your data plan. To offer a proof of concept, the researcher had a 10-minute Skype call and the carrier never registered their consumption of data traffic.

LTE-U: on the way to 5G https://t.co/02VVd4Sla9 pic.twitter.com/2lYJmLtF6a

— Kaspersky Lab (@kaspersky) July 24, 2015

The signal (control) plane has the highest priority, which opens a pool of opportunities to culprits. If you jam up this layer with data packets masqueraded as signal packets, the signal packets won’t have enough bandwidth available. This method could be a means of cutting network access to someone or to launch a targeted attack and arrange network downtime by jamming it with faux signal packets.

Finally, attackers can use the same method to flood the victim with data packets which, provided the victim does not employ an unlimited data plan, might mean a lot of extra charges the target would need to pay to the carrier. Moreover, such attacks are not detected by firewalls, which are there to filter malicious traffic. In such an attack, a legitimate mobile traffic is used, which makes firewalls unable to detect an attack.

Hackers’ favorite new tool: supermalware ‘#Regin’ http://t.co/lf58E86nAz via @ThirdCertainty pic.twitter.com/6NrJg6nnni

— Kaspersky Lab (@kaspersky) December 4, 2014

All of the above concerned the ability to transfer data packets via the signal (control) plane, but the same approach could work on the voice plane as well. For example, the researchers managed to subdue a voice call over VoLTE: a victim would accept the call but couldn’t hear anything, as voice packets were lost in the flood of faux signal packets.

The researchers offer a handful of solutions to at least partially solve the issues; both carriers whose networks were probed during the research have already deployed some of them.

How #hackers can exploit #VoLTE technology vulnerability to compromise #4G networks. #mobile #security

Tweet

Countries like Germany or Russia have just started to roll out VoLTE services – so it may well be the case that all the carriers won’t be that fast patching the vulnerabilities.

Unfortunately, some of the vulnerabilities cannot be patched without making changes in VoLTE as a standard. Of course, carriers would be more vigilant of what happens in their networks and make sure to cut off the transmission of the signal traffic between any devices, except for legitimate connections between a phone and a signal server, but it is never enough.

To fix all VoLTE issues, there is a need for a joint effort of OEMs, chipset vendors, carriers and standardization bodies.

“When we have technology that threatens #mobile carriers business, they deal w/it by blocking access to their phones” @csoghoian #SAS2013

— Kaspersky Lab (@kaspersky) February 4, 2013

That’s the reason why the researchers try to widely publicize this problem: the more widely acknowledged the problem would become, the faster the solutions would be found.

Users, on their end, should treat their mobile security more seriously: in order to carry out the described attacks, adversaries would have to install a malicious app on smartphones. Such mobile malware is very likely to be detected by a good security software.

And, finally, the absolute majority of popular devices and 4G active networks don’t support VoLTE at all so far. Let us hope that, by the time VoLTE becomes a ubiquitous service, all security issues will be solved.


Source: kaspersky.com

Translate this article

TAGGED: Malware, Security, Software, Targeted Attack, Threats, Vulnerabilities
Vitus White October 13, 2022 October 7, 2022
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Dynamic data collection with Zaraz Worker Variables
Dynamic data collection with Zaraz Worker Variables
Apps 1 day ago
How to add CPU, GPU, RAM widgets on Windows 11
News 2 days ago
Reduce latency and increase cache hits with Regional Tiered Cache
Reduce latency and increase cache hits with Regional Tiered Cache
Apps 2 days ago
Cloudflare is deprecating Railgun
Cloudflare is deprecating Railgun
Apps 2 days ago
Triangulation: Trojan for iOS | Kaspersky official blog
Threats 2 days ago

Recent Posts

  • Dynamic data collection with Zaraz Worker Variables
  • How to add CPU, GPU, RAM widgets on Windows 11
  • Reduce latency and increase cache hits with Regional Tiered Cache
  • Cloudflare is deprecating Railgun
  • Triangulation: Trojan for iOS | Kaspersky official blog

You Might Also Like

Dynamic data collection with Zaraz Worker Variables
Apps

Dynamic data collection with Zaraz Worker Variables

1 day ago
Cloudflare is deprecating Railgun
Apps

Cloudflare is deprecating Railgun

2 days ago
Threats

Triangulation: Trojan for iOS | Kaspersky official blog

2 days ago
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Wordpress Threats

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)

2 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
How to enable Taskbar End Task option to close apps on Windows 11
How to check USB4 devices specs from Settings on Windows 11
Previous Next
Hot News
Dynamic data collection with Zaraz Worker Variables
How to add CPU, GPU, RAM widgets on Windows 11
Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?