Insecurity of Operational IMS Call Systems: Vulnerabilities, Attacks, and Countermeasures

Yu Han Lu, Sandy Hsin Yu Hsiao, Chi Yu Li, Yi Chen Hsieh, Po Yi Chou, Yao Yu Li, Tian Xie, Guan Hua Tu

研究成果: Article同行評審


IMS (IP Multimedia Subsystem) is an essential 4G/5G component to offer multimedia services. It is used worldwide to support two call services: VoLTE (Voice over LTE) and VoWiFi (Voice over WiFi). In this study, it is shown that the signaling and voice sessions of VoWiFi can both be hijacked by a malicious adversary. By hijacking the signaling session, s(he) gains the ability to make ghost calls to launch stealthy DoS (Denial of Service) or caller-ID spoofing attacks against specific cellular users. Such attacks can be carried out without any malware or network information, and require only the victim’s phone number to be known. It is shown that phones vulnerable to the call DoS attacks can be detected at run time by exploiting a vulnerability of cellular network infrastructures referred to as call information leakage, which is exposed based on a machine learning method. Especially, the call DoS attacks can prevent victims from receiving incoming calls for up to 99.0% time without user awareness. Moreover, by hijacking the voice session, an adversary can launch stealthy free data transfer attacks based on phone numbers alone rather than IP addresses. The identified vulnerabilities/attacks are validated in the operational 4G networks of four top-tier carriers across Asia and North America with seven phone brands. The study concludes by presenting a suite of solutions to address them.

頁(從 - 到)1-16
期刊IEEE/ACM Transactions on Networking
出版狀態Accepted/In press - 2022


深入研究「Insecurity of Operational IMS Call Systems: Vulnerabilities, Attacks, and Countermeasures」主題。共同形成了獨特的指紋。