DEV Community

Sam Stepanyan
Sam Stepanyan

Posted on • Originally published at Medium on

How Samsung Phones Secretly Spy On Your Location

While working on a mobile application security project for a client, I had to investigate all HTTPS calls made by an app using a “man-in-the-middle” technique essentially pushing all traffic from the test Samsung Galaxy S5 smartphone through an intercepting proxy. And I stumbled upon something really strange.

Every now and then the phone would send a POST request to the following URL:

https://ew.disaster-device.ssp.samsung.com/quloc

What was interesting was in the payload. This was not a usual POST request, it contained the following 45-byte string:

{“lat”:51.5xxxxx,”lon”:-0.1xxxxxx,”dv”:”01"}

which was the phone’s precise location! I obfuscated the exact digits with xxxx in the above example.

So, it appears that Samsung phones periodically “call home” and report their location to Samsung. Why this data collection happens? I will continue to investigate, but wanted to publish this information in case if somebody else comes across this mysterious “disaster-device” URL.

ThreatCrowd shows a bit more information about the target domain and associated subdomains:

https://www.threatcrowd.org/domain.php?domain=ew.disaster-device.ssp.samsung.com

Top comments (0)