Level 33
Staff member
Malware Hunter
A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries.

VoLTE stands for Voice Over LTE — where LTE stands for Long-Term Evolution and is a high-speed wireless communication for mobile phones and data terminals, based on older GSM technology.

In simpler terms, VoLTE is a mash-up between LTE, GSM, and VoIP, a technology used for Voice-over-the-Internet communications. The protocol rolled out in 2012 in South Korea and Singapore and has become very popular because it blends the benefits of old circuit-switched protocols (stability) with the benefits of modern IP protocols (call quality & speed).

Because VoLTE looks primed to spread to all operators across the globe, P1 Security experts have conducted an audit of this new technology. Their findings, documented in a research paper, reveal serious flaws that could be exploited by attackers only with an Android phone connected to a mobile network.

Researchers say they identified both "active" vulnerabilities (that require modifying special SIP packets) and "passive" vulnerabilities (that expose data via passive network monitoring or do not require any SIP packet modification). Below is a list summarizing the team's findings:

User enumeration using SIP INVITE messages