Researchers at the French company P1 Security have published a report describing a number of problems in the popular VoLTE protocol, which is currently in use in the US, Asia and most European countries.
VoLTE (Voice over LTE) is a technology for carrying voice over the LTE network, based on the IP Multimedia Subsystem (IMS). It lets an operator offer voice services and deliver them as a data stream over LTE. In effect, VoLTE is IP telephony (VoIP), but with some peculiarities stemming from the architecture of cellular networks.
In the course of the study, the experts identified a number of serious problems that could let an attacker compromise the mobile operator's network and gain access to the subscriber list, create hidden data transmission channels, make calls from someone else's phone number, access voice mail and.
For example, an attacker can use specially crafted SIP (Session Initiation Protocol) INVITE messages (the messages sent when a VoLTE call is initiated) to compromise the operator's network and access the list of users.
Another vulnerability is the lack of verification of the information carried in the headers of SIP INVITE messages. By substituting certain headers, attackers can make calls from someone else's phone number and thus evade surveillance by law enforcement agencies.
The experts also identified a problem that allows attackers to build a virtual map of the target operator's network by intercepting the VoLTE traffic arriving at an Android smartphone.
As it turned out, SIP 200 OK messages (the responses the phone receives when it attaches to the mobile network) contain detailed information about the network parameters. Attackers can also obtain information about a user's geographic position by intercepting SIP 183 Session Progress messages. As the analysis showed, one of the header fields contains the UTRAN CellID (a unique cell identifier). In other words, an attacker can initiate a call, locate the victim and terminate the connection before it is established.
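The two defensive checks an IMS operator would want for the issues described above (untrusted identity headers in INVITEs, and cell identifiers leaking to the handset in 183/200 responses) can be illustrated with a small SIP message parser. The following is an added example written for this page; it is not code from P1 Security or from any IMS vendor. It assumes that the cell identifier travels in the P-Access-Network-Info header as the utran-cell-id-3gpp parameter (defined in RFC 7315; the article only says "one of the header fields"), and that the IMS core knows which identity a subscriber bound at registration time. All SIP messages and numbers in it are constructed samples, not captured traffic.

```python
"""Added example (not from the P1 Security report): parse SIP messages and
apply two defensive checks suggested by the article.

Assumptions not stated on the page: the cell identifier is carried in the
P-Access-Network-Info header (RFC 7315 defines utran-cell-id-3gpp there),
and the IMS core knows the identity a subscriber registered with.
All sample messages below are constructed, not captured traffic.
"""
import re
from typing import Dict, List, Optional, Tuple

# Headers that reveal access-network or internal topology details to a UE.
TOPOLOGY_HEADERS = {"p-access-network-info", "p-charging-vector",
                    "p-charging-function-addresses"}


def parse_sip(raw: str) -> Tuple[str, Dict[str, List[str]], str]:
    """Split a SIP message into start line, headers (lower-cased names,
    repeated values kept in order) and body. Folded header lines
    (RFC 3261 section 7.3.1) are joined before parsing."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    start_line = lines[0].strip()
    unfolded: List[str] = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    headers: Dict[str, List[str]] = {}
    for line in unfolded:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return start_line, headers, body


def sip_user(uri_header: str) -> str:
    """Extract the user part (phone number) from a From/PAI-style value."""
    m = re.search(r"(?:sip|sips|tel):(\+?[^@;>]+)", uri_header)
    return m.group(1) if m else ""


def check_invite_identity(raw: str, registered_identity: str) -> List[str]:
    """Spoofing check: the network must not trust caller-supplied identity
    headers. Returns one finding per header that disagrees with the
    identity bound when the subscriber registered."""
    start, headers, _ = parse_sip(raw)
    findings: List[str] = []
    if not start.startswith("INVITE "):
        return findings
    for name in ("from", "p-asserted-identity", "p-preferred-identity"):
        for value in headers.get(name, []):
            asserted = sip_user(value)
            if asserted != registered_identity:
                findings.append(f"{name}: asserts {asserted!r}, "
                                f"registration is {registered_identity!r}")
    return findings


def leaked_cell_id(raw: str) -> Optional[str]:
    """Detection: return the UTRAN cell id if a message exposes one."""
    _, headers, _ = parse_sip(raw)
    for value in headers.get("p-access-network-info", []):
        m = re.search(r"utran-cell-id-3gpp\s*=\s*\"?([0-9A-Fa-f]+)", value)
        if m:
            return m.group(1)
    return None


def redact_for_ue(raw: str) -> str:
    """Mitigation: strip topology-revealing headers (including folded
    continuation lines) before a response is forwarded to the handset."""
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    kept: List[str] = []
    dropping = False
    for line in head.split("\n"):
        if line[:1] in (" ", "\t"):       # continuation of previous header
            if not dropping:
                kept.append(line)
            continue
        dropping = line.split(":", 1)[0].strip().lower() in TOPOLOGY_HEADERS
        if not dropping:
            kept.append(line)
    return "\r\n".join(kept) + ("\r\n\r\n" + body if sep else "")


# Constructed samples (hypothetical numbers and hosts).
REGISTERED = "+15550001111"   # identity bound at REGISTER time
SPOOFED_INVITE = (
    "INVITE sip:+15551234567@ims.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK1\r\n"
    "From: <sip:+15559990000@ims.example.net>;tag=abc\r\n"
    "P-Asserted-Identity: <tel:+15559990000>\r\n"
    "To: <sip:+15551234567@ims.example.net>\r\n"
    "Call-ID: 1@10.0.0.5\r\n\r\n"
)
SESSION_PROGRESS = (
    "SIP/2.0 183 Session Progress\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK1\r\n"
    "P-Access-Network-Info: 3GPP-UTRAN-TDD;\r\n"
    " utran-cell-id-3gpp=2620100010123ABC\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for f in check_invite_identity(SPOOFED_INVITE, REGISTERED):
        print("identity mismatch ->", f)
    print("leaked cell id:", leaked_cell_id(SESSION_PROGRESS))
    print("redacted:", repr(redact_for_ue(SESSION_PROGRESS)))
```

In a real deployment the identity comparison belongs at the P-CSCF, which should overwrite rather than merely flag the asserted identity, and the redaction belongs at the trust-domain boundary toward the UE; the sample shows the logic, not the placement.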