VU#615987: Missing IPsec Integ... Note

VU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments

Verizon's VoLTE service on its IMS network has been operating without essential SIP integrity protection. This means that sensitive signaling data, including call setup information, is transmitted unencrypted. On-path attackers can therefore intercept and modify this traffic without detection. The absence of IPsec ESP encapsulation and specific security headers leaves the signaling vulnerable. While recent iOS carrier bundle updates contain IMS IPsec settings, their active implementation remains unconfirmed. This lack of protection allows for significant security risks like call hijacking and denial-of-service attacks. Specifically, REGISTER exchanges were observed missing crucial security headers. According to industry standards, SIP signaling between devices and the network should be protected. Verizon had initially committed to addressing the issue but has since disengaged from coordination efforts. Without verifiable evidence of mitigation, the security exposure continues. Remediation requires both network-side enablement by Verizon and device-side configuration updates. Until confirmed, VoLTE signaling should be treated as untrusted.