Researchers access calls made on Samsung Galaxy S6, S6 Edge and Note 4 with man-in-the-middle attack
The Mobile Pwn2Own competition held at PacSec in Tokyo saw many hacks and demonstrations, but the standout was a demonstration by two researchers who were able to intercept calls on Samsung phones with the help of malicious base stations.
The researchers, Daniel Komaromy and Nico Golde, said that all Samsung devices including Samsung Galaxy S6, S6 Edge and Note 4 can have phone calls intercepted using malicious base stations. The duo demonstrated the attacks on Samsung’s ‘Shannon’ line of baseband chips in front of a live audience.
Though they have not made their full research public, it uses a man-in-the-middle attack to intercept calls made on Samsung smartphones. The attack relies on a malicious OpenBTS base station located near the target handsets. Once the smartphones are in range, they automatically home in on and connect to the bogus station. Once connected, the malicious base station pushes firmware to the smartphone’s baseband processor, the chip that handles voice calls and is not directly accessible to the end user.
The firmware patch routes phone calls through the bogus base station, which redirects them to a proxy that records them and passes them on to the intended recipient. Komaromy says that the full impact of their research can only be known once a detailed study is done.
“Our example of modifying the baseband to hijack calls is just an example,” Komaromy told Vulture South.
“The idea with hijacking would be that you can redirect calls to a proxy (like a SIP proxy) and that way you can man-in-the-middle the call.” The attack works on a Samsung S6 Edge running updated software.
“I turned it on next to their radio and then dialled myself,” said PacSec organiser Dragos Ruiu. “And instead of ringing on my phone it rang on theirs.”
The researchers have reported their findings to Samsung.
Source: The Register