Hongil Kim is a Ph.D. candidate in System Security Laboratory from Korea Advanced Institute of Science and Technology. He received his M.S. and B.S. in electrical engineering from KAIST. He has broad interests in system security. Especially, He is mainly working on cellular network system and mobile device security.
Dongkwan Kim is a student in a master's degree in the Department of Electrical Engineering at KAIST. He is interested in various fields of security: cellular network, embedded devices, sensing and actuation systems. He is now working on designing secure architecture of cellular network, and building a spoofing detection and prevention framework for sensing and actuation systems. He has been working on several embedded devices such as automobiles, smart TVs, network routers, and femtocells. He participated in several hacking CTFs (DEFCON, Codegate, Whitehat Contest, HDCON) as a member of KAIST GoN. He holds a BS from KAIST (2014) in CS.
[Abstract] Long Term Evolution (LTE) is becoming the dominant cellular networking technology, shifting the cellular network away from its circuit-switched legacy towards a packet-switched network that resembles the Internet. To support voice calls over the LTE network, operators have introduced Voice-over-LTE (VoLTE) that dramatically changes how voice calls are handled both from the user equipment and the infrastructure perspective. We find that this dramatic shift opens up a number of new attack surfaces that have not been previously explored. To call attention to this matter, this paper presents a systematic security analysis.
Unlike the traditional call setup, VoLTE call setup is controlled and performed at the Application Processor (AP), using the SIP over IP. A legitimate user who has control over AP can potentially control and exploit the call setup process to establish a VoLTE channel. This combined with the legacy accounting policy (e.g., unlimited voice and the separation of data and voice) leads to a number of free data channels. In the process of unveiling the free data channels, we identify a number of additional vulnerabilities of early VoLTE implementations, which lead to serious exploits, such as caller spoofing, over-billing, and denial-of-service attacks. We identify the nature of these vulnerabilities and concrete exploits that directly result from the adoption of VoLTE. We also propose immediate countermeasures that can be employed to alleviate the problems. However, we believe that the nature of the problem calls for a more comprehensive solution that eliminates the root causes at mobile devices, mobile platform, and the core network.