In this talk, we will be discussing a critical security vulnerability we discovered in the Voice over LTE (VoLTE) interface of iOS devices, including iPhones and Apple Watches.
This vulnerability has been present in the iOS operating system since the inception of 4G VoLTE. We will shed light on the issue, its root cause, and how it arises due to improper implementation of GSMA guidelines, highlighting a design flaw in the implementation of the iOS IMS SIP agent.
We will delve into the technical details of the vulnerability, providing a comprehensive analysis of its impact on iOS devices and the potential risks it poses to users’ privacy and security. We will also explore the challenges faced during the discovery and disclosure of the vulnerability to Apple and discuss the response and mitigation measures taken by the company.