Vulnerability in the 5G network make mobile phones susceptible to eavesdropping

As the world is preparing to make a shift from 4G to 5G network, researchers from the Horst Gortz Institute for IT Security (HGI) based in the Ruhr University of Bochum, Germany have revealed that phone calls on 4G network are susceptible to eavesdropping that can also be carry forwarded to the setup of 5G base stations in near future.

A report on the discovered issues is available online at the 29th USENIX Security Symposium between Aug 12th -14th 2020.

“Because of an error in the base stations, security analysts succeeded in decryting a Voice over LTE phone call content from the 4G network when they were on the same radio cell as the victim”, says David Rupprecht, the researcher who is leading the team at HGI.

Technically, two parties connected on the 4G network are provided with an encryption key that secures the phone call from eavesdropping. If hackers call the same two parties after their previous call and get hold of the previous call conversation, then they can decrypt the call on the same radio cell, making it eligible for snooping thereafter.

To get a grip on the security vulnerability, the researchers from Horst Gortz Institute for IT Security tested all base stations in Germany on a random note. And concluded that 80% of radio cells exhibited the vulnerability to a full extent.

HGI has confirmed that the menace of eavesdropping was resolved after the telecom companies offering VOLTE services updated their software related to the base stations.

Remember, there might be several radio cells somewhere in the world with this issue that can be carry forwarded to 5G networks if left unattended.

David Ruprecht and his team could not verify whether the security gap was exploited till date- as the Voice Over LTE services have been active in Germany since 2014.

Note 1- LTE abbreviated as Long Term Evolution is a wireless broadband connection available on mobile devices. It can also be called as a 4th Generation of radio technologies designed to increase the capacity and speed of internet on mobile telephone networks.

Note 2- VOLTE aka Voice over LTE is an improved version of 4G LTE where users are allowed by the Telecom providers to place a call over LTE connection instead of the regular voice networks. Unfortunately, the service is available only in core cities and lacks support when the user goes to remote areas.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display