One of the most popular and useful security functions of mobile handsets can be turned against the owner.
Samsung’s ‘Find My Mobile’ system, which allows you to to locate, lock, ring, and wipe your device should it be stolen or lost, can be taken over, potentially allowing a hacker to remotely lock the device, change its passcode, or wipe the device according to Mashable.
The remote hack exploits a flaw in Samsung’s Find My Mobile system to enact denial-of-service attacks. If ‘Find My Mobile’ is enabled, it means that hackers can lock the Samsung handset and change its unlock code.
The government’s own National Vulnerability Database explains that the hack is possible because Samsung devices do not validate the source of lock-code data through the network, making handsets from the South Korean manufacturer more susceptible to this manner of attack. It gives the exploit a severity score of 7.8 (or high).
Slashgear warns Samsung users that, “although not enabled by default, once a user creates a Samsung account, which owners might do to get access to Samsung-exclusive apps and services on their device, it becomes enabled.”
While options for a hacker are limited because of the remote nature of the hack, it might still be possible to hold a phone owner to ransom via a personalized message that Find My Mobile allows you to post to the lock screen. “There’s precedent for such attacks,” The Register explains, “last May an attacker using the handle ‘Oleg Pliss’ locked scores of antipodean iPhones and demanded $50 to unlock the devices.”
A Samsung spokesman told Mashable that “Samsung takes the security of our products very seriously and we are currently investigating the matter.”
1000 Words / Shutterstock.com