A duo of security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, demonstrated how to intercept calls using bogus base stations.
Modern Samsung devices, including the last generation Samsung S6, S6 Edge and Note 4, are vulnerable to phone eavesdropping. A duo of experts, Daniel Komaromy of San Francisco and Nico Golde of Berlin, demonstrated that it is possible to intercept calls using malicious base stations.
The duo demonstrated the attacks on Samsung’s ‘Shannon’ line of baseband chips at the Mobile Pwn2Own competition at PacSec held in Tokyo. Obviously, the researchers haven’t publicly disclosed the details of their attack; they reported it to Samsung instead.
Nico Golde and Daniel Komaromy at Pwn2Own today. (Dragos Ruiu)
The experts targeted Samsung devices, including the Samsung S6, with a man-in-the-middle attack relying on an OpenBTS base station, tricking the handsets and forcing them to connect to the bogus station. Once connected to the bogus base station, the handset receives the baseband processor firmware, the module which is responsible for handling voice calls.
“Our example of modifying the baseband to hijack calls is just an example,” Komaromy told Vulture South. “The idea with hijacking would be that you can redirect calls to a proxy (like a SIP proxy) and that way you can man-in-the-middle the call.” “So that means the caller sees her original call connected – but it can be recorded in the proxy [which is how] it’s like a wiretap implant.”
The attack works on a Samsung S6 Edge running updated software.
“I turned it on next to their radio and then dialled myself,” said PacSec organiser Dragos Ruiu. “And instead of ringing on my phone it rang on theirs.”
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.