
Aug 13, 2020
The researchers' technique, dubbed ReVoLTE, uses a software-defined radio to capture the downlink signal a carrier's base station transmits to a phone of the attacker's choosing, as long as the attacker is within range of the same cell tower (typically a few hundred meters to a few kilometers) and knows the target's phone number.

“Data confidentiality is one of the central LTE security aims and a fundamental requirement for trust in our communication infrastructure,” the researchers, from Ruhr University Bochum and New York University, wrote in a paper presented Wednesday at the 29th USENIX Security Symposium.

“We introduced the ReVoLTE attack, which enables an adversary to eavesdrop and recover encrypted VoLTE calls based on an implementation flaw of the LTE protocol.”

LTE encrypts the voice traffic on the radio link between the phone and the base station (the eNodeB). The base station then decrypts the traffic so it can be passed on to the rest of the network, including any circuit-switched portion.

The implementation error ReVoLTE exploits is the tendency of some base stations to use the same cryptographic keystream to encrypt two or more calls when they are made in close succession over the same radio connection.

The attack seizes on this error by capturing the encrypted radio traffic of a target's call, which the researchers call the target call or first call.

When the first call ends, the attacker quickly initiates what the researchers call a keystream call with the target and simultaneously sniffs its encrypted radio traffic while recording the unencrypted audio of that call, which is the plaintext.

Furthermore, once the adversary has learned the radio configuration of the targeted eNodeB, she can decode the recorded traffic up to the PDCP layer, the layer at which LTE encryption is applied.

The attacker then compares the encrypted and plaintext traffic of the keystream call to deduce the keystream bits, which, because of the reuse, are the same bits that encrypted the target call.

“The ReVoLTE attacks exploit the reuse of the same keystream for two subsequent calls within one radio connection,” the researchers wrote in a post explaining the attack.

The figure below depicts the steps involved, and the video below the figure shows ReVoLTE in action:

ReVoLTE also won't work against base stations that follow the LTE standard, which requires that a keystream never be reused: a new call within the same radio connection must not be encrypted with the same key and bearer identity as the previous one.

Despite these limitations, the researchers were able to recover 89 percent of the conversations they eavesdropped on, which demonstrates that ReVoLTE is effective in real-world settings whenever base stations implement LTE encryption incorrectly.

In initial tests, the researchers found that 12 of 15 randomly selected base stations in Germany reused keystreams, making all VoLTE calls transmitted through them vulnerable.

I emailed AT&T, Verizon and Sprint/T-Mobile to ask if any of their base stations are vulnerable to ReVoLTE.

By XOR-ing the encrypted data of the keystream call with its corresponding plaintext, the researchers could recover the keystream.

The figure below shows how ReVoLTE does this:

“The keystream call allows the attacker to extract the keystream by XOR-ing the sniffed traffic with the keystream call plaintext,” ReVoLTE researchers explained.
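As an added example (not the researchers' code or tooling), the following Python models the two passages above: the keystream-reuse flaw in the base station, and the XOR step that turns the keystream call into a decryption oracle for the target call. A toy deterministic generator stands in for the LTE EEA ciphers, a constructed `ENodeB` class either reuses or refreshes the key between calls, and `revolte_recover` XORs the keystream call's known plaintext with its ciphertext to obtain the keystream and applies it frame by frame to the sniffed target call. All names, the 32-byte "voice" frames and the base-station model are assumptions; the codec and transcoding issues the paper has to deal with are abstracted away.

```python
import hashlib
import os
import struct
from typing import List, Tuple

DOWNLINK = 1  # LTE DIRECTION bit: 1 = base station (eNodeB) to phone


def keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Toy stand-in for an LTE EEA keystream generator (NOT SNOW 3G or AES-CTR).

    It takes the inputs the real EEA algorithms take (KEY, COUNT, BEARER,
    DIRECTION, LENGTH) and is deterministic in them. Same inputs produce the
    same keystream, which is the only property the attack depends on.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">IBBI", count, bearer, direction, block)).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the stream-cipher operation)."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def voice_frame(tag: str, i: int) -> bytes:
    """Constructed 32-byte 'voice' frame; real VoLTE frames are RTP payloads."""
    return f"{tag} frame {i}".encode().ljust(32, b" ")


class ENodeB:
    """Constructed model of one radio connection's user-plane encryption.

    keystream_reuse=True reproduces the implementation flaw: the next call
    keeps the same key and bearer identity, and PDCP COUNT restarts at 0, so
    frame n of the second call is encrypted with exactly the keystream used
    for frame n of the first call. keystream_reuse=False models a compliant
    eNodeB that refreshes the key before the new bearer is used.
    """

    def __init__(self, keystream_reuse: bool) -> None:
        self.keystream_reuse = keystream_reuse
        self.key = os.urandom(16)
        self.bearer = 1  # radio bearer identity, reused for every call

    def encrypt_call(self, frames: List[bytes]) -> List[bytes]:
        if not self.keystream_reuse:
            self.key = os.urandom(16)  # key refresh: fresh keystream per call
        return [
            xor_bytes(frame, keystream(self.key, count, self.bearer, DOWNLINK, len(frame)))
            for count, frame in enumerate(frames)  # COUNT starts at 0 per bearer
        ]


def revolte_recover(target_ct: List[bytes], ks_call_ct: List[bytes], ks_call_pt: List[bytes]) -> List[bytes]:
    """The ReVoLTE decryption step.

    target_ct:  sniffed ciphertext frames of the target (first) call
    ks_call_ct: sniffed ciphertext frames of the attacker's keystream call
    ks_call_pt: plaintext of the keystream call (the attacker recorded it)

    keystream = ks_call_ct XOR ks_call_pt; target plaintext = target_ct XOR keystream.
    Only as many frames as the keystream call lasted can be recovered.
    """
    return [
        xor_bytes(c1, xor_bytes(c2, p2))
        for c1, c2, p2 in zip(target_ct, ks_call_ct, ks_call_pt)
    ]


def demo(keystream_reuse: bool, target_frames: int = 6, ks_call_frames: int = 4) -> Tuple[List[bytes], List[bytes]]:
    """Run both calls through the modelled eNodeB and return
    (target call plaintext, what the attacker recovers)."""
    target_pt = [voice_frame("target call", i) for i in range(target_frames)]
    ks_pt = [voice_frame("keystream call", i) for i in range(ks_call_frames)]
    enb = ENodeB(keystream_reuse)
    target_ct = enb.encrypt_call(target_pt)   # attacker sniffs this...
    ks_ct = enb.encrypt_call(ks_pt)           # ...then places the keystream call and sniffs this
    return target_pt, revolte_recover(target_ct, ks_ct, ks_pt)


if __name__ == "__main__":
    for reuse in (True, False):
        target, recovered = demo(keystream_reuse=reuse)
        hits = sum(r == t for r, t in zip(recovered, target))
        print(f"keystream reuse={reuse}: {hits}/{len(recovered)} sniffed frames recovered, "
              f"{len(target) - len(recovered)} frames beyond the keystream call's length out of reach")
```

With the flawed base station every frame covered by the keystream call decrypts exactly; with the key-refreshing one the XOR yields `p1 XOR ks1 XOR ks2`, which is noise. The demo also shows the practical constraint that follows from the mechanism: the keystream call has to last at least as long as the target call, because each target frame can only be recovered with the keystream of the frame at the same position in the second call.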
