Samsung 'Find My Mobile' Exploit Allegedly Lets Attackers Remotely Lock Your Phone

Advertisement
By NDTV Correspondent | Updated: 28 October 2014 18:55 IST

An Egyptian security researcher has allegedly found a vulnerability in Samsung's Find My Mobile service that enables unauthorised individuals to send remote lock, unlock, and ring commands to Samsung devices that support the service.

Also reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD), the Find My Mobile vulnerability has been given a high-severity rating at 7.8, with an exploitability sub-score of 10.0, due to its network exploitable nature, low access complexity, no authentication requirement, and disruption potential.

Advertisement

The NIST vulnerability summary states, "The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic."

Samsung has not yet responded to the reports of the Find My Mobile vulnerability, and is expected to issue an update to its Galaxy Apps suite to fix the problem.

Two proof-of-concept videos have been uploaded to YouTube by Egyptian security researcher Mohamed A. Baset (@SymbianSyMoh) that show the vulnerability being exploited with cross-site request forgery (CSRF) attacks, where he is able to insert scripts into Find My Mobile fields via the Web interface to force the service to lock, unlock, and ring a linked Samsung smartphone.

Notably, the CSRF attack used by Baset is able to lock a Samsung smartphone with a "specific device lock code" set by the attacker, essentially causing a denial of service to the smartphone owner. Baset was also able to set a custom message in each case (locking, unlocking, ringing).

Advertisement

For now, it is being recommended that Samsung smartphone users turn off the Find My Mobile service, which as Computerworld notes is automatically enabled once a user registers for a Samsung account, or opens Galaxy Apps or Samsung Hub.

Samsung

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day 2026: Best Deals on Soundbars From JBL, and More
  2. Best 5G Phones Under Rs. 15,000 With Long Battery Life in India
  1. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  2. Samsung Galaxy S27, Galaxy S27+ Said to Feature 'Privacy Display'; Ultra Model Might Get Selfie Camera Upgrade
  3. PS Plus Monthly Games for July Include Call of Duty: Modern Warfare 3, For the King 2 and CrossCode
  4. Nothing Phone 4b RCB Edition Design, Colour Revealed Days Ahead of Debut
  5. Garmin Forerunner 70, Forerunner 170, Forerunner 170 Music Launched in India With 1.2-Inch Display, Up to 13 Days Battery Life
  6. Redmi Note 17 Series Launch Timeline Teased, Company Touts Display Upgrades and Longer Battery Life
  7. Lava Probuds T51, Xscape 13° Neckband With Up to 70 Hours Battery Life Launched in India: Price, Features
  8. Best Noise Cancellation Headphones in India to Buy This Amazon Prime Day: boAt Rockerz 650 Pro, JBL Tune 520 BT and More
  9. Oppo Enco Air 5 With Up to 52dB ANC, Up to 54 Hours Battery Launched in India: Price, Features
  10. Apple Reportedly Cuts iPhone 17 Series Production Plans by 15 Percent as Demand Softens
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.