VoLTE Hacking

The 10th Annual HITB Security Conference took place from the 6th till the 10th of May 2019 in The Netherlands. The theme for the conference this year is 'The Hacks of Future Past'. One of the presentations was on the topic 'VoLTE Phreaking' by Ralph Moonen, Technical Director at Secura.

The talk covered variety of topics:

• A little history of telephony hacking (in NL/EU)
• The landscape now
• Intercepting communications in 2019
• Vulnerabilities discovered: some new, some old
• An app to monitor traffic on a phone

The talk provides details on how VoLTE can potentially be hacked. In a lot of instances it is some or the other misconfigurations that makes VoLTE less secure. One of the slides that caught my attention was the differences in VoLTE signaling from different operators (probably due to different vendors) as shown above.

Anyway, I am not going into more details here. The presentation is available here.

Another interesting talk from #HITB2019AMS:
"VoLTE Phreaking"https://t.co/KSMLen6Yb6 [PDF] pic.twitter.com/KakJMGCcVk

— Enno Rey (@Enno_Insinuator) May 9, 2019

The thread in the Tweet above also provided some good references on VoLTE hacking. They are as follows:

• ERNW: Security Analysis of VoLTE, Part 1
• ERNW: Denial of Service attacks on VoLTE
• ERNW: VoLTE Security Analysis, part 2
• ERNW: IMSecure – Attacking VoLTE (and other Stuff)
• ERNW White Paper: Practical Attacks on VoLTE and VoWiFi

Related Posts:

• 3G4G: Voice in 4G: CSFB, VoIP & VoLTE