Hacking into iOS’s VOLTE implementation

Date

August 25, 2023

Time

13:00

Track

Track 1

In this talk, we will be discussing a critical security vulnerability we discovered in the Voice over LTE (VoLTE) interface of iOS devices, including iPhones and Apple Watches.

This vulnerability has been present in the iOS operating system since the inception of 4G VoLTE. We will shed light on the issue, its root cause, and how it arises due to improper implementation of GSMA guidelines, highlighting a design flaw in the implementation of the iOS IMS SIP agent.

We will delve into the technical details of the vulnerability, providing a comprehensive analysis of its impact on iOS devices and the potential risks it poses to users’ privacy and security. We will also explore the challenges faced during the discovery and disclosure of the vulnerability to Apple and discuss the response and mitigation measures taken by the company.

Security Researcher

Engineering Ops at KATIM

A security researcher challenging the depths and implementations in application security.

Lead Security Researcher

KATIM

A security researcher previously worked as a cyber security consultant with various consulting firms. I have worked with clients in Telecommunication, Media, Technology, Manufacturing and BFSI sector across South-Asian and Middle-Eastern countries.