Galaxy S6 Edge eBay deal

Pwn2Own Finds Call Vulnerability In Samsung Phones

November 13, 2015 - Written By Daniel Fuller

If you’re any kind of I.T. security buff, you probably already know about the annual Pwn2Own contest, where white-hat hackers attempt to exploit a device and, if successful, take it home along with a cash prize and commemorative jacket. This year’s PacSec in Tokyo played host to the Pwn2Own contest where two contestants got themselves shiny new Galaxy S6 Edge units for figuring out how to, fairly easily, hijack calls made from the handsets.

Security researches Daniel Komaromy and Nico Golde cooked up an attack that effectively causes the affected Samsung handsets, including older and newer devices, to mistake a mobile OpenBTS station, set up on the cheap with minimal hardware, for a legitimate tower and send call requests there. All one has to do is set the station up near the physical location of the device in question. Once the OpenBTS station has the connection, it will push a bogus firmware to the phone’s baseband processor, normally inaccessible to users. From there, a call can be routed through a proxy to the nearest tower to be connected while the OpenBTS station records the call. Mind you, this test was done on fresh-from-the-factory S6 Edge handsets that were updated before being handed over to the researchers. The researchers said that their attack was only an example and that, with some modification, this kind of man-in-the-middle attack could be much more devastating.

Many popular OEMs and software vendors have pulled out of the running this year, leaving the prize pool a bit on the short side. Still, organizer Dragos Ruiu is offering both contestants ski trips later in the season to Canada, so that they can attend CanSecWest and give technical details on the attack they cooked up, which have already been divulged to Samsung in the hopes of a timely update containing a fix. It’s not surprising to see them being treated this well. This comes hot on the heels of another researcher cracking Google Chrome wide open with a single visit to a carefully made website, proving that mobile security is no joke and has never been quite so finicky.