When Good Turns Evil: Encrypted 5G/4G Voice Calls Can Leak Your Identities
Document Type
Conference Proceeding
Publication Date
10-27-2023
Department
Department of Computer Science
Abstract
5G/4G voice calls are always encrypted for security and privacy. However, in this work, we unveil several vulnerabilities which can unintentionally leak 5G/4G call state information, despite encryption protection. They stem from recent call optimization techniques standardized in the 3GPP specifications and adopted by mobile network operators. While these techniques are effective to enhance 5G/4G call quality and efficiency, they unfortunately expose extra call information, which can be exploited to precisely infer call states and launch side-channel attacks. By leveraging precise call states, we devise a Cross-domain Identity Linkage attack, CrossIL, which aims to infer mobile users' user identities and cellular identities, thereby enabling powerful cyberattacks or privacy inferences against high-value victims. We have experimentally validated these vulnerabilities and assessed the attack damages with three major U.S. carriers. Our experimental result shows that the success rate on the identity inference ranges from 89% to 98%. Finally, we propose and evaluate a cellular-friendly solution.
Publication Title
2023 IEEE Conference on Communications and Network Security, CNS 2023
ISBN
9798350339451
Recommended Citation
Shi, J.,
Xie, T.,
Tu, G.,
Peng, C.,
Li, C.,
Hou, A.,
Wang, S.,
Hu, Y.,
Lei, X.,
Chen, M.,
Xiao, L.,
&
Liu, X.
(2023).
When Good Turns Evil: Encrypted 5G/4G Voice Calls Can Leak Your Identities.
2023 IEEE Conference on Communications and Network Security, CNS 2023.
http://doi.org/10.1109/CNS59707.2023.10288900
Retrieved from: https://digitalcommons.mtu.edu/michigantech-p2/274