Analecta Cyber Company Blog: Remote listening possible on some Galaxy phones

2015-11-26

Remote listening possible on some Galaxy phones

The Samsung Galaxy series of phones, specifically the S6, S6 Edge and Note 4, are vulnerable to remote phone call interception by hackers, according to new reports.

A man-in-the-middle attack that exploits the low-level cellular baseband software has been discovered. It allows attackers to intercept and record telephone calls on these Galaxy phones.
Researchers Daniel Komaromy and Nico Golde demonstrated the attack method at a recent Cyber Security conference in Tokyo, Japan. The man-in-the-middle attack is executed by creating a false cellular station that these then phones connect to believing they are connected to an authorized tower of the cell phone company.

The fake cell station is able to change the behavior of the baseband chip used in cellular communications. The modification to the baseband mode of operation occurs without the victim being able to identify a change. The attack allows a hacker to proxy telephone calls so the attacker is able to essentially wiretap the phone calls.