The news of hacking and snooping is not new in the smartphone industry. However, the newest research reveals that you can actually hack all Samsung smartphones using a simple calculator application.
Elliot Alderson, A French security researcher, has revealed that an attacker with physical access to a Samsung smartphone can capture the network traffic details and it can also screen record your phone for one full hour. He revealed in a series of a tweet that one can simply hack by using opening Calculator application and typing (+30012012732+. This will open the DRParser Mode application and one can type *#9900$ on the app to boot up the Service Mode application.
THREAD: If you have a @SamsungMobile phones, whatever your phone model, an attacker with a physical access to your phone can capture your network traffic without your consent. Let me show you
— Elliot Alderson (@fs0c131y) April 10, 2019
The Service Mode app has different options run dump state, enable silent logging from the boot and there are three greyed out options including low batter dump, tcp dump start and IMS logger. The researcher reveals that tcpdump is a command-line packet analyzer that is used to capture network traffic. However, tapping the button ask for an OTP, which the researcher bypassed by reversing the ServiceMode app and creating an OTP. The researcher was then able to get the OTP in the pop-up and started running tcpdump to capture all the network traffic on the local storage.
He further reveals that that flaw also allows attackers to record their’s screen for one full hour. This is done using the IMS LOGGER option, which is one of the greyed option present in the Service Mode app. He says that the screen recording is saved on the local storage as well. The researcher further revealed that Samsung is aware of this flaw. Interestingly, Samsung is yet to make an official comment on this flaw.