When Good Turns Evil: Encrypted 5G/4G Voice Calls Can Leak Your Identities

Jingwen Shi, Tian Xie, Guan Hua Tu, Chunyi Peng, Chi Yu Li, Andrew Hou, Sihan Wang, Yiwen Hu, Xinyu Lei, Min Yue Chen, Li Xiao, Xiaoming Liu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

5G/4G voice calls are always encrypted for security and privacy. However, in this work, we unveil several vulnerabilities which can unintentionally leak 5G/4G call state information, despite encryption protection. They stem from recent call optimization techniques standardized in the 3GPP specifications and adopted by mobile network operators. While these techniques are effective to enhance 5G/4G call quality and efficiency, they unfortunately expose extra call information, which can be exploited to precisely infer call states and launch side-channel attacks. By leveraging precise call states, we devise a Cross-domain Identity Linkage attack, CrossIL, which aims to infer mobile users' user identities and cellular identities, thereby enabling powerful cyberattacks or privacy inferences against high-value victims. We have experimentally validated these vulnerabilities and assessed the attack damages with three major U.S. carriers. Our experimental result shows that the success rate on the identity inference ranges from 89% to 98%. Finally, we propose and evaluate a cellular-friendly solution.

Original languageEnglish
Title of host publication2023 IEEE Conference on Communications and Network Security, CNS 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9798350339451
DOIs
StatePublished - 2023
Event2023 IEEE Conference on Communications and Network Security, CNS 2023 - Orlando, United States
Duration: 2 Oct 20235 Oct 2023

Publication series

Name2023 IEEE Conference on Communications and Network Security, CNS 2023

Conference

Conference2023 IEEE Conference on Communications and Network Security, CNS 2023
Country/TerritoryUnited States
CityOrlando
Period2/10/235/10/23

Fingerprint

Dive into the research topics of 'When Good Turns Evil: Encrypted 5G/4G Voice Calls Can Leak Your Identities'. Together they form a unique fingerprint.

Cite this