Don’t hang up on your call just yet but some Samsung Galaxy Phones — the S6, S6 Edge and Note 4, in particular — have a demonstrated vulnerability that connects them to fake cellular base stations.
record conversations. A pair of researchers demonstrated exactly that scenario this week at the Mobile Pwn2Own competition in Tokyo, reports The Register.
The issue appears to be with Samsung’s baseband chip in the handsets, which allow for this type of exploit.
Don’t hang up just yet on your phone calls if you have one these Galaxy devices though; it’s not likely that anyone is tuned in and Samsung has been made aware of the issue.
Daniel Komaromy and Nico Golde, the pair who demonstrated the hack on and out-of-the-box and freshly updated handset, have turned over their findings to Samsung and kept the details out of the public’s eye.
To intercept calls, the pair set up an OpenBTS base station that nearby phones think is a legitimate cellular tower. That base station then can remotely tinker with a phone’s baseband software — the bits that manage cellular radio connections — without the user even knowing.
The end result is that phone calls are routed first through unofficial base station where the call is redirected to a SIP proxy server and then passed through official cellular networks. Essentially, it’s a cellular man-in-the-middle attack and callers have no idea it’s happening.
It’s not yet clear if the team can replicate the hack on other phones that use baseband chips from other providers, but I’m skeptical of that. It sounds more to me like an issue specific to Samsung’s chipset; I’d expect a baseband firmware update from the company in the near future now that it has information on the security hole.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.