A lot of OEMs like to think that their phones are secure, and for the most part we’d like to think that they have done their due diligence too. However, certain loopholes are sometimes overlooked, which can lead to disastrous results. Recently, during a security conference, two researchers, Daniel Komaromy and Nico Golde, demonstrated a man-in-the-middle attack on Samsung phones.
This was during the Mobile Pwn2Own competition, in which the researchers showed how phones like the Samsung Galaxy S6, the Galaxy S6 Edge, and the Galaxy Note 4 were flawed. To prove this flaw, they showed that these phones could have their calls intercepted by using malicious base stations that have been positioned near their targets.
What happens is that the base station pushes firmware to the phone’s baseband processor, which then pushes phone calls through to the fake base station. This means that hackers could potentially intercept, listen to, and record your phone calls. However, given the setup required to make this work, it probably won’t be for your everyday hacker.
The good news is that the full details of how this hack works have not been shared with the public. Instead, the researchers have passed along the information to Samsung, who will hopefully address the security flaw in a timely manner.