Vulnerability in Find My Mobile service allows an attacker to gain remote access to a Samsung smartphone

Services that allow you to detect a stolen or lost phone, with the ability to remotely lock, ring or destroy information on a smartphone, exist for every large and medium-sized manufacturer. Apple, HTC have such services, Samsung has it too. The service is called Find My Mobile.

As it turned out, this service can be used not only by the owner of the phone, an attacker can also work with it. Under certain conditions, a third-party person can access the remote control of a Samsung smartphone, with the very ability to block the phone or erase all information from it.

Network security experts found that Find My Mobile does not validate the information received when sending the security code. As a result, an attacker can flood the phone to gain control of the device.

So far, Samsung has not commented on the vulnerability.





Via engadget