Snooping Pay-over-the-Phone Transactions over Encrypted 5G/4G Voice Calls
Primary Investigator:
Chunyi Peng
Jingwen Shi, Shaan Shekhar, Guan-Hua Tu, Chunyi Peng
Abstract
In this poster, we present a new attack to snoop pay-over-the-phone transactions over encrypted 5G/4G voice calls. We deploy a radio sniffer to eavesdrop 5G/4G communication, followed by inferring confidential pay-over-the-phone transaction despite encryption protection. Interactive Voice Responsive (IVR) technology and other 3GPP standards for enhancing 5G/4G calls widely adopted by mobile network operators makes the attack feasible. While these enhancements enable detection of voice calls over the 5G/4G traffic, IVR-specific features help us identify the presence of an IVR call, followed by spying of sensitive payment transactions over the 5G/4G traffic in real-time.