Researchers show how to remotely listen to, record calls from Samsung Galaxy phones

Don't hang up on your call just yet but some Samsung Galaxy Phones -- the S6, S6 Edge and Note 4, in particular -- have a demonstrated vulnerability that connects them to fake cellular base stations.

Own a Samsung Galaxy S6, S6 Edge or Note 4? A determined, knowledgeable hacker could intercept your voice calls to listen in or even record conversations. A pair of researchers demonstrated exactly that scenario this week at the Mobile Pwn2Own competition in Tokyo, reports The Register.

The issue appears to be with Samsung's baseband chip in the handsets, which allow for this type of exploit.


Google gets serious about Android security: Monthly Nexus software updates

Google just added another big selling point its Nexus line of phones and tablets: The safest Android experience possible.

Read More

Don't hang up just yet on your phone calls if you have one these Galaxy devices though; it's not likely that anyone is tuned in and Samsung has been made aware of the issue.

Daniel Komaromy and Nico Golde, the pair who demonstrated the hack on and out-of-the-box and freshly updated handset, have turned over their findings to Samsung and kept the details out of the public's eye.

To intercept calls, the pair set up an OpenBTS base station that nearby phones think is a legitimate cellular tower. That base station then can remotely tinker with a phone's baseband software -- the bits that manage cellular radio connections -- without the user even knowing.

The end result is that phone calls are routed first through unofficial base station where the call is redirected to a SIP proxy server and then passed through official cellular networks. Essentially, it's a cellular man-in-the-middle attack and callers have no idea it's happening.

It's not yet clear if the team can replicate the hack on other phones that use baseband chips from other providers, but I'm skeptical of that. It sounds more to me like an issue specific to Samsung's chipset; I'd expect a baseband firmware update from the company in the near future now that it has information on the security hole.