Seems like an awfully large oversight to reuse the encryption key between subsequent calls.

I wonder if this works when leaving voicemail in the second call? Since the approach requires a long call for a long decryption, dialing straight to voicemail would be non-cooperative and avoid alerting the victim until after.

Voicemail goes to a different place and may not even get you routed to the user’s cell.

The argument typically is that good encryption causes the call setup time to be too long and costs battery life, but this indeed is an exceptionally dumb flaw.

Unless you know what you’re doing it’s hard to test for though, and if you know what you’re doing you wouldn’t make this kind of mistake.

Somewhat true, but standards could assist developers with adequate test vectors, explanations and reminders why X or Y is important.

The illustrations are very charming. Here's the android app to test if your station is vulnerable: https://github.com/RUB-SysSec/mobile_sentinel

Wouldn't you get into massive amounts of trouble for running this on an operators commercial network?

This doesn't run on the network at all, so no. You're just listening to radio signals that are already out there.

Only if its detectable.

Whats with the alternating caps in the title? Is it to be sarcastic?

* Voice over Long-Term Evolution

* Voice over LTE

* VoLTE

* key-REuse VoLTE

* ReVoLTE

* Call Me Maybe: Ea­ves­drop­ping En­cryp­ted LTE Calls With Re­VoL­TE

* Call Me Maybe: Ea­Ves­Drop­Ping En­Cryp­Ted LTE Calls with Re­VoL­TE

Researchers are trying to make their work memorable by using marketing techniques like these. I assume the title on HN (which isn't the same as the article) is mocking it.

FWIW, its not in the title of the article, just the HN title. Mods should change it probably.

True. I emailed the mods.

Changed now. Submitted title was "Call Me Maybe: Ea­Ves­Drop­Ping En­Cryp­Ted LTE Calls with Re­VoL­TE".