Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DaraSinghCCS
Participant

Data capture possibility in phone call

Hi Experts!

             I just wanted to know your opinion on a scenario of capturing the user's data. Here is the scenario:

A user is working on some financial transaction related query into his bank account and just he login into his internet banking portal on mobile and at the same time a  vulnerable call  with unknown number ringed his phone and the user received this call. Is it possible to capture the user's mobile traffic data during  this call duration?

 

  

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

There are multiple possible attack vectors here: the SS7 network itself as well as the phone and its various subsystems.
Specially crafted SMS or radio broadcast packets could be potentially used to compromise a device and data could be exfiltrated.
Maybe not with just a phone call specifically but a phone call along with other attack vectors might lead to an exploit of some sort.

We did find an issue in the modem of some phones recently, as described here: https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/