How Secure Are Your VoLTE And VoWiFi Calls?

Presented at DeepSec 2017 „Science First!“

Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi) are variants of Voice over IP that make use of the IP Multimedia Subsystem (IMS) in the backend. In this talk, we identify five different attacks on VoLTE/VoWiFi. These are mainly (i) sniffing VoLTE/VoWiFi interfaces, (ii) extracting IPsec keys from the IP Multimedia Services Identity Module (ISIM) that is embedded within the SIM card, and (iii) performing three different kinds of injection attacks in the Session Initiation Protocol (SIP) headers that are used for VoLTE/VoWiFi signaling. As a result of VoLTE/VoWiFi sniffing, we identified information disclosures such as leaking the IMSI, the IMEI, the location of users and the private IP of the IMS. We also managed to extract the ciphering key and the integrity key (CK/IK) used for IPsec from the ISIM with the help of a hardware device called SIMTrace. We also discuss three different SIP header injection attacks that enable location manipulation and side-channel attacks. It is important to note that all these attacks are valid against the current 3GPP standards used by telecom providers, so understanding and mitigating them is highly relevant. This is a continuation of the work presented by Schmidt et al. in the talk "IMSecure - Attacking VoLTE" at the Area41 conference, 2016.

Presenters:

  • Sreepriya Chalakkal - ERNW GmbH
    Sreepriya works at ERNW GmbH as a security researcher focused on telecommunication security. She completed her master's at Technical University of Berlin and University of Trento with a dual degree in Computer Security and Privacy in March 2017. She is passionate about the security aspects of software and protocols. These days, she spends her time playing with telecommunication devices and SIM cards. Sreepriya likes to do security analysis of large code bases, packet captures and logs. She's inspired by the mission "Making the world a safer place" and loves to work towards fulfilling that goal.
