Modern versions of Samsung Galaxy smartphones can have their phone calls recorded using malicious base stations. A base station, often acts as a middle man trying to mediate between the user and the Mobile station. The base station ends up fooling the mobile station. It acts as a spy device.
While the base stations are often used only in laboratories for testing, they are also available openly in the market and do not require permissions or licenses.
At the PacSec security conference in Tokyo, two German researchers, Daniel Komaromy and Nico Golde, showcased how base stations can easily fool Samsung's most recent line of Galaxy phones and have them connect to its network. The attack was carried out with OpenBTS base stations and on the latest versions of Samsung's Galaxy S6, Galaxy S6 Edge, and Galaxy Note 4 families.
All the phones use the "Shannon" chips and much of them were fooled and could be tapped in through proxy servers. The serious vulnerability was exposed by the two german researchers. The researchers used the OpenBTS base station to push a malicious firmware update to the Phone.
The phone becomes vulnerable enough that hackers are able to lay control over the phone and route calls through a proxy server. The hackers can spy on other parties using this the OpenBTS base station.While this experiment was done in the conference, it is no joke if something like this can be done in real life.
The Researchers have given all details of the research to the Samsung Technical team, while they provided a demonstration of the attack on the Galaxy phones to the audience at the conference.
The PacSec conference rewards huge sums of money to ethical hackers who are able to expose security vulnerabilities. The money could add up $425,000 / €395,000 to people who exposed the bugs and serious vulnerabilities