
Eavesdropping Encrypted LTE Calls With ReVoLTE - Eduard
https://revolte-attack.net/
======
mNovak
Seems like an awfully large oversight to reuse the encryption key between
subsequent calls.

I wonder if this works when leaving voicemail in the second call? Since the
approach requires a long call for a long decryption, dialing straight to
voicemail would be non-cooperative and avoid alerting the victim until after.

~~~
microcolonel
It's something so stupid I have to imagine it is deliberate.

~~~
tinus_hn
The argument typically is that good encryption causes the call setup time to
be too long and costs battery life, but this indeed is an exceptionally dumb
flaw.

Unless you know what you’re doing it’s hard to test for though, and if you
know what you’re doing you wouldn’t make this kind of mistake.

~~~
1231asra
Somewhat true, but standards could assist developers with adequate test
vectors, explanations and reminders why X or Y is important.

------
kanobo
The illustrations are very charming. Here's the Android app to test if your
station is vulnerable:
[https://github.com/RUB-SysSec/mobile_sentinel](https://github.com/RUB-SysSec/mobile_sentinel)

------
unixhero
Wouldn't you get into massive amounts of trouble for running this on an
operator's commercial network?

~~~
jaywalk
This doesn't run _on_ the network at all, so no. You're just listening to
radio signals that are already out there.

------
wyxuan
What's with the alternating caps in the title? Is it to be sarcastic?

~~~
stingraycharles
FWIW, it's not in the title of the article, just the HN title. Mods should
change it probably.

~~~
pronoiac
True. I emailed the mods.

~~~
dang
Changed now. Submitted title was "Call Me Maybe: EaVesDropPing EnCrypTed
LTE Calls with ReVoLTE".

