ReVoLTE Networks Vulnerability

Mobile Networks and Telephones
Advisory ID:
August 27, 2020


Recently, a group of security researchers discovered a new vulnerability named ReVoLTE attack. This vulnerability is due to mobile operators often utilizing similarly encryption key to obtain multiple 4G voice calls that takes place through similarly base station. This vulnerability could allow a malicious attacker to manipulate encrypted content of a recorded Volte call so as to eavesdrop the conversation.

Description & Consequence

ReVoLTE, is an attack that exploits an LTE(Long Term Evolution) implementation flaw(frequently utilization of similar encryption key) to eavesdrop the call between two people, and recover the contents of an encrypted VoLTE call, by using a downlink sniffer to observe and designate the targets calls for decryption of conversations. The threat actors perform this by connecting to the same base station the victim was using, then the attacker place a downlink sniffer to observe and designate the ‘targeted call’ that are produced by the victim as these calls need to be decrypted. Once the threat actors are done with the targeted calls, now the attacker will call the victim, after 10 seconds of the designation. This will then force the unprotected network into starting a new call between victim and attacker on the same base station that is used by the previous targeted call. The threats actors keeps the victim confused and keep them busy in talking while all their conversation is recorded in the plaintext which will help the threat actor to later compute the call.

At a successful exploitation, a malicious attacker could record victim’s conversations, gain access to sensitive data, and then steal/leak private personal or corporation’s information for malicious purposes.


  • Mobile Operators should avoid keystream reuse.
  • Vendor should test to know if their networks are vulnerable to this attack using “Mobile Sentinel App”.
  • vendors are to provide patches, install and configure them securely for appropriate usage for consumers.



Related Articles