Whenever we talk over the phone we tend to give away lots of information about ourselves without even thinking about it. Whether it’s where we are or where we’re going to, confidential details about our professional life, or just daily complaints and events, we do so thinking that what we say is only going to be heard by the other person on the line. Sometimes we even reveal information relating to banking details, such as the account number and our date of birth, if we have to make a call to our bank.
As we like to keep tabs on our personal privacy, it’s normal for us to go to an empty room to continue a conversation or even to lower our voice so as to avoid being overheard. However, these measures might not mean an awful lot if you happen to use a Samsung Galaxy.
According to a demonstration by Daniel Komaromy and Nico Golde, two IT experts, at the recent Mobile Pwn2Own conference in Tokyo, it is possible to intercept calls made on Galaxy S6, S6 Edge, and Note 4 models.
The investigators used the baseband chip of the devices to carry out the attack, as the chip is used to complete all radio communications. To access it, the pair used a “man-in-the-middle” attack – a classic technique that allows a cybercriminal to read and intercept a victim’s messages without them knowing a thing.
In this case, they managed to intercept voice calls by connecting these two devices to a fake base station, making the smartphones near it think that it was actually a legitimate communication tower.
Once connected, these security experts were able to communicate remotely with the baseband processor without alerting the user. From that moment on they were free to intercept, listen to, and even record phone calls. With a simple method, these two investigators managed to spy on these devices.
So, does this mean that any cybercriminal might be able to easily control your Galaxy device and listen to everything that you share in confidence? Komaromy and Golde have highlighted that the system that they have presented is just an example – the idea would be to later redirect the calls to a proxy to carry out the real attack and allow for the call to reach its true destination.
What’s more, these experts haven’t divulged all of the details of their experiment and have informed Samsung of their findings, so that the company can quickly find a way to clear up this vulnerability before it’s too late.
Unfortunately, this is only one of many methods that can be used by a cyber attacker to wreak havoc. As we’ve already told you, some cybercriminals have already developed programs that activate the microphone on our smartphones so as to spy on us.
A group of researchers from Stanford University even developed Gyrophone, an application that used the gyroscope to capture sound vibrations created by a human voice to spy on calls.
Although we’re not going to tell you to stop using your phone for calling, we would recommend that you try to avoid giving out details relating to your bank account or access codes for your smartphone or computer while on the phone.
This piece of advice is particularly important if your job requires a high degree of privacy. Worrying about whether your smartphone is safe enough to not be targeted by cybercriminals is another thing to keep in mind, as you never know if one of them is interested in listening in on your conversations.