Their cheap man-in-the-middle attack requires an OpenBTS base station to be established and located near target handsets.
Handsets will automatically connect to the bogus station.
The malicious base station then pushes firmware to the phone's baseband processor (the separate chip that runs the phone's cellular radio stack, handling voice calls among other things, and which isn't directly accessible to end users).
The firmware patch pushes phone calls through the bogus base station, which redirects them to a proxy that records them and passes them on to the intended recipient.
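The first step of the attack, handsets silently attaching to a rogue cell, is the one a defender can most easily check for. The Python below is an added example, not code from the researchers, from OpenBTS or from the article; the cell-record fields, the known-cell list and the sample timeline are constructed for illustration, and the heuristics are the generic ones IMSI-catcher detectors use (unknown cell identity, a drop to a lower radio technology with a jump in signal strength, GSM ciphering switched off), not anything specific to this attack.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class CellObs:
    """One cell measurement as a phone's modem diagnostics might expose it.
    Field names are assumptions for this example, not a real modem API."""
    mcc: str          # mobile country code
    mnc: str          # mobile network code
    lac: int          # location area code (tracking area code on LTE)
    cid: int          # cell identity
    rat: str          # radio access technology: "LTE", "UMTS" or "GSM"
    rssi_dbm: int     # received signal strength
    cipher: str       # GSM ciphering algorithm reported, e.g. "A5/1"; "A5/0" = none


RAT_RANK = {"LTE": 3, "UMTS": 2, "GSM": 1}


def detect_rogue_cells(observations: List[CellObs],
                       known_cells: Set[Tuple[str, str, int, int]],
                       rssi_jump_db: int = 15) -> List[Tuple[int, str]]:
    """Return (index, reason) pairs for observations that look like a rogue cell.

    Heuristics (generic IMSI-catcher detection, assumed here for illustration):
      * the cell's (MCC, MNC, LAC, CID) is not in the operator's known list;
      * the phone drops to a lower RAT while signal strength jumps, the
        signature of a strong nearby transmitter pulling handsets onto it;
      * a GSM cell that leaves ciphering off (A5/0).
    """
    alerts: List[Tuple[int, str]] = []
    prev = None
    for i, o in enumerate(observations):
        if (o.mcc, o.mnc, o.lac, o.cid) not in known_cells:
            alerts.append((i, "unknown cell identity"))
        if (prev is not None
                and RAT_RANK[o.rat] < RAT_RANK[prev.rat]
                and o.rssi_dbm - prev.rssi_dbm >= rssi_jump_db):
            alerts.append((i, "RAT downgrade with signal jump"))
        if o.rat == "GSM" and o.cipher == "A5/0":
            alerts.append((i, "GSM cell with ciphering disabled"))
        prev = o
    return alerts


# Constructed sample data: one operator's known cells and a short timeline in
# which a strong, unknown, unencrypted GSM cell appears for two readings.
KNOWN_CELLS = {
    ("505", "01", 2101, 440102),   # LTE
    ("505", "01", 2101, 440103),   # LTE
    ("505", "01", 3310, 2201),     # GSM
}

SAMPLE_TIMELINE = [
    CellObs("505", "01", 2101, 440102, "LTE", -95, "n/a"),
    CellObs("505", "01", 2101, 440103, "LTE", -97, "n/a"),
    CellObs("505", "01", 9999, 7,      "GSM", -60, "A5/0"),   # rogue cell
    CellObs("505", "01", 9999, 7,      "GSM", -58, "A5/0"),   # still camped on it
    CellObs("505", "01", 2101, 440102, "LTE", -94, "n/a"),    # back on a known cell
]


def sample_alerts() -> List[Tuple[int, str]]:
    """Run the detector over the constructed timeline."""
    return detect_rogue_cells(SAMPLE_TIMELINE, KNOWN_CELLS)


if __name__ == "__main__":
    for idx, reason in sample_alerts():
        print(f"observation {idx}: {reason}")
```

Real detectors fold in more signals (missing neighbour lists, location-update rejects, paging without a call), but the three above already catch the combination the article describes: a handset that abruptly prefers a strong, unfamiliar cell.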
Komaromy says the full impact of the attack along with any mitigating factors will be known once seasoned researchers examine their work.
"Our example of modifying the baseband to hijack calls is just an example," Komaromy told Vulture South.
"The idea with hijacking would be that you can redirect calls to a proxy (like a SIP proxy) and that way you can man-in-the-middle the call.
"So that means the caller sees her original call connected - but it can be recorded in the proxy [which is how] it's like a wiretap implant."