Sam Stepanyan

Originally published at Medium

How Samsung Phones Secretly Spy On Your Location

While working on a mobile application security project for a client, I had to investigate all HTTPS calls made by an app using a “man-in-the-middle” technique, essentially pushing all traffic from the test Samsung Galaxy S5 smartphone through an intercepting proxy. And I stumbled upon something really strange.

Every now and then the phone would send a POST request to the following URL:

https://ew.disaster-device.ssp.samsung.com/quloc

What was interesting was in the payload. This was not a usual POST request; it contained the following 45-byte string:

{"lat":51.5xxxxx,"lon":-0.1xxxxxx,"dv":"01"}

which was the phone’s precise location! I obfuscated the exact digits with xxxx in the above example.

So, it appears that Samsung phones periodically “call home” and report their location to Samsung. Why does this data collection happen? I will continue to investigate, but wanted to publish this information in case somebody else comes across this mysterious “disaster-device” URL.

ThreatCrowd shows a bit more information about the target domain and associated subdomains:

https://www.threatcrowd.org/domain.php?domain=ew.disaster-device.ssp.samsung.com
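
To check your own proxy capture for requests like the one above, the following added example (not code from the original post) scans intercepted request bodies for JSON that carries a latitude/longitude pair. The flow record shape (`host`, `path`, `body`), the `example.test` hosts, the sample coordinates and the key aliases beyond `lat`/`lon` are assumptions made for illustration.

```python
import json

# Constructed sample of intercepted requests (not real captures). The first
# entry mirrors the shape shown in the post; its coordinates are made up.
SAMPLE_FLOWS = [
    {"host": "ew.disaster-device.ssp.samsung.com", "path": "/quloc",
     "body": '{"lat":51.500000,"lon":-0.100000,"dv":"01"}'},
    {"host": "api.example.test", "path": "/login",
     "body": '{"user":"alice","attempt":3}'},
    {"host": "maps.example.test", "path": "/v1/track",
     "body": '{"device":{"pos":{"latitude":"48.85","lng":2.35}}}'},
    {"host": "cdn.example.test", "path": "/upload", "body": "not json at all"},
    {"host": "stats.example.test", "path": "/m", "body": '{"lat":512,"lon":3}'},
]
# "lat"/"lon" come from the post; the other spellings are assumed aliases.
LAT_KEYS = ("lat", "latitude")
LON_KEYS = ("lon", "lng", "long", "longitude")

def _as_float(value):
    """Return value as a float, or None if it is not numeric."""
    try:
        return None if isinstance(value, bool) else float(value)
    except (TypeError, ValueError):
        return None

def find_coordinates(node):
    """Recursively yield (lat, lon) pairs found anywhere in decoded JSON."""
    if isinstance(node, dict):
        low = {str(k).lower(): v for k, v in node.items()}
        lat = next((_as_float(low[k]) for k in LAT_KEYS if k in low), None)
        lon = next((_as_float(low[k]) for k in LON_KEYS if k in low), None)
        # Range check cuts false positives from unrelated "lat"/"lon" fields.
        if lat is not None and lon is not None and abs(lat) <= 90 and abs(lon) <= 180:
            yield lat, lon
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from find_coordinates(item)

def flag_location_requests(flows):
    """Return (host, path, lat, lon) for each request body with coordinates."""
    hits = []
    for flow in flows:
        try:
            doc = json.loads(flow["body"])
        except (TypeError, ValueError):
            continue  # body is not JSON; nothing to inspect here
        hits += [(flow["host"], flow["path"], *c) for c in find_coordinates(doc)]
    return hits
```

Feed it the decoded request bodies exported from your intercepting proxy; every returned tuple is a request worth reviewing by destination host.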
