Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

[The Register] Samsung S6 calls open to man-in-the-middle base station snooping

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1220
Joined: Wed Feb 05, 2014 3:47 am

[The Register] Samsung S6 calls open to man-in-the-middle base station snooping

Postby parityboy » Fri Nov 13, 2015 4:49 pm

Their cheap man-in-the-middle attack requires an OpenBTS base station to be established and located near target handsets.

Handsets will automatically connect to the bogus station.

The malicious base station then pushes firmware to the phone's baseband processor (the chip that handles voice calls, and which isn't directly accessible to end users).

The firmware patch pushes phone calls through the bogus base station, which redirects them to a proxy that records them and passes them on to the intended recipient.

Komaromy says the full impact of the attack along with any mitigating factors will be known once seasoned researchers examine their work.

"Our example of modifying the baseband to hijack calls is just an example," Komaromy told Vulture South.

"The idea with hijacking would be that you can redirect calls to a proxy (like a SIP proxy) and that way you can man-in-the-middle the call.

"So that means the caller sees her original call connected - but it can be recorded in the proxy [which is how] it's like a wiretap implant."


Source

Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 3 guests

Login