Security Issue in Samsung's "Find My Mobile"


NIST warned that a vulnerability in Samsung's ‘Find My Mobile’ service might allow a hacker to remotely lock and unlock the phone.

Samsung’s Find My Mobile remote control “features” include lock my device, ring my device, locate my device, wipe my device, unlock my screen, call logs, SIM change alert and register a personal guardian.

The service is not enabled by default; instead, it is enabled automatically once the user registers a Samsung account.

According to the National Institute of Standards and Technology (NIST): The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.
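The flaw class NIST describes, a device applying lock-code data without validating its source, can be modelled as below. This is an added example, not Samsung's code or protocol: the JSON message format, the per-device HMAC key, the `counter` field and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-device secret, standing in for a key provisioned at account
# registration. Hypothetical: the real service's protocol is not on the page.
DEVICE_KEY = b"constructed-demo-key-0123456789"


def sign(key: bytes, cmd: dict) -> bytes:
    """Server side: wrap a command in an envelope with an HMAC-SHA256 tag."""
    body = json.dumps(cmd, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


class Device:
    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0
        self.lock_code = None

    def handle_unvalidated(self, raw: bytes) -> bool:
        """Flawed pattern: any well-formed message sets the lock code."""
        msg = json.loads(raw)
        if msg.get("cmd") == "lock":
            self.lock_code = msg["code"]
            return True
        return False

    def handle_validated(self, raw: bytes) -> bool:
        """Apply a lock command only if its origin and freshness check out."""
        try:
            envelope = json.loads(raw)
            body = envelope["body"].encode()
            tag = bytes.fromhex(envelope["tag"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return False  # malformed or unsigned message
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # not produced by a holder of the device key
        msg = json.loads(body)
        if msg.get("cmd") != "lock" or msg.get("counter", 0) <= self._last_counter:
            return False  # wrong command, or a replayed/stale message
        self._last_counter = msg["counter"]
        self.lock_code = msg["code"]
        return True
```

The validated handler rejects unsigned messages, messages signed with a different key, and replays of a previously accepted command, so the lock code changes only for traffic that provably came from the key holder.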
