Security researchers have found a way to intercept calls made by a few Samsung smartphones. At the Mobile Pwn2Own competition this week, researchers demonstrated a vulnerability in the Samsung Galaxy S6, Galaxy S6 Edge, and Galaxy Note 4 that allows them to trick the handsets into connecting to a malicious base station, giving them access to calls and messages going to and from the phone.
Daniel Komaromy and Nico Komaromy revealed a “man-in-the-middle” vulnerability in the “Shannon”-branded baseband chips (comprising the modem, RF handset, and tracking IC) used in the handsets named above.
According to Gadgets360, the researchers set up a base station, the equipment required to quickly connect a cell phone to the wider phone network, and found that the Samsung handsets immediately established a connection with it. This allowed the researchers to intercept calls and messages sent through the base station.
“As soon as we power up the new phone in the presence of their attack radio, their signal patches the radio runtime software of the baseband processor (the other CPU in your cellphone that users can’t access that takes care of the radio to talk to the network) so that after the patch any phone calls I make are routed to them instead of their intended destination,” said Dragos Ruiu, an organiser of PacSec.
“I tested this after when we went to where we did have cellphone coverage by trying to dial my Japanese cellphone and it rang on Nico’s cellphone instead. The modified radio software also forwarded the original number dialled so in the real world an attacker would then use a VoIP proxy to forward the call imperceptibly and listen in on it,” he reported.
Komaromy and Komaromy did not reveal the full details of their research, but noted that they have informed Samsung about it. Neither the researchers nor Samsung commented on the issues raised about the new smartphones.