loading...

How Samsung Phones Secretly Spy On Your Location

securestep9 profile image Sam Stepanyan Originally published at Medium on ・1 min read

While working on a mobile application security project for a client, I had to investigate all HTTPS calls made by an app using a “man-in-the-middle” technique essentially pushing all traffic from the test Samsung Galaxy S5 smartphone through an intercepting proxy. And I stumbled upon something really strange.

Every now and then the phone would send a POST request to the following URL:

https://ew.disaster-device.ssp.samsung.com/quloc

What was interesting was in the payload. This was not a usual POST request, it contained the following 45-byte string:

{“lat”:51.5xxxxx,”lon”:-0.1xxxxxx,”dv”:”01"}

which was the phone’s precise location! I obfuscated the exact digits with xxxx in the above example.

So, it appears that Samsung phones periodically “call home” and report their location to Samsung. Why this data collection happens? I will continue to investigate, but wanted to publish this information in case if somebody else comes across this mysterious “disaster-device” URL.

ThreatCrowd shows a bit more information about the target domain and associated subdomains:

https://www.threatcrowd.org/domain.php?domain=ew.disaster-device.ssp.samsung.com

Posted on by:

securestep9 profile

Sam Stepanyan

@securestep9

OWASP London Chapter Leader. Application Security (#AppSec) Consultant. WAF Specialist

Discussion

pic
Editor guide