Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, have demonstrated exactly the same during a security conference in Tokyo.
The duo demonstrated a man-in-the-middle (MITM) attack on an out-of-the-box, fully updated Samsung handset that allowed them to intercept voice calls by connecting the device to fake cellular base stations.
The issue actually resides in the baseband chip that ships in Samsung handsets: the processor that handles voice calls but is not directly accessible to the end user.
How to Intercept Voice Calls?
The researchers set up a bogus OpenBTS base station that nearby Samsung devices, including the latest Samsung S6 and S6 Edge, think is a legitimate cellular tower.
Once the phone connects to it, the bogus base station remotely tinkers with the phone's baseband processor without the user's knowledge.
This gives an attacker the ability to intercept, listen to, and even record your phone calls. In short, the attack is a cellular MITM attack, and users have no idea what's happening.
However, given the requirements to make such an attack possible, an everyday hacker would not be able to execute it.
"Our example of modifying the baseband to hijack calls is just an example," Komaromy told the Reg. "The idea with hijacking would be that you can redirect calls to a proxy and that way you can man-in-the-middle the call. So that means the caller sees her original call connected – but it can be recorded in the proxy [which is how] it is like a wiretap implant."
The pair has reported their findings to Samsung and kept the details of the attack out of the reach of the public. Hopefully, the company will address the security hole promptly.