Modern Samsung smartphones, including models Galaxy S6, Galaxy S6 edge and Galaxy Note 4 contain a vulnerability that allows you to intercept calls using a malicious base station. To such conclusion experts Daniel Komáromi and Nico Golde.
As evidence the researchers presented a demo of the attack on the modems Samsung series Shannon within the Mobile Pwn2Own competition at the PacSec conference in Japan. In the experiment used the flagship Galaxy S6 edge.
Specific details about security flaws no, but there is one thing they know. This attack assumes the presence of an installed OpenBTS base station, which is located near the target device, said Securitylab.
After connecting to a dummy station at the device loads firmware for modem smartphone. Thus, all calls will be directed to a malicious base station, which will redirect them to the proxy, where they will be recorded and then sent to the intended recipient. Smartphone user in no way will be able to understand that his conversations were tapped.
According to Komáromi, the impact of the attack, as well as the ways of its reflection, will become known after the work will analyze professional security researchers.
Golde and Komáromi Samsung has provided detailed information about the exploit, but refused to divulge all the details. Will there be an update that resolves this issue is still unknown.
