Samsung 'Find My Mobile' Exploit Allegedly Lets Attackers Remotely Lock Your Phone

By NDTV Correspondent | Updated: 28 October 2014 18:55 IST

An Egyptian security researcher has allegedly found a vulnerability in Samsung's Find My Mobile service that enables unauthorised individuals to send remote lock, unlock, and ring commands to Samsung devices that support the service.

The vulnerability is also listed in the National Vulnerability Database (NVD), maintained by the US National Institute of Standards and Technology (NIST), where it has been given a high-severity rating of 7.8, with an exploitability sub-score of 10.0, due to its network-exploitable nature, low access complexity, lack of an authentication requirement, and disruption potential.

The NIST vulnerability summary states, "The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic."

Samsung has not yet responded to the reports of the Find My Mobile vulnerability, and is expected to issue an update to its Galaxy Apps suite to fix the problem.


Two proof-of-concept videos have been uploaded to YouTube by Egyptian security researcher Mohamed A. Baset (@SymbianSyMoh) that show the vulnerability being exploited with cross-site request forgery (CSRF) attacks, where he is able to insert scripts into Find My Mobile fields via the Web interface to force the service to lock, unlock, and ring a linked Samsung smartphone.

Notably, the CSRF attack used by Baset is able to lock a Samsung smartphone with a "specific device lock code" set by the attacker, essentially causing a denial of service to the smartphone owner. Baset was also able to set a custom message in each case (locking, unlocking, ringing).
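
The NVD summary attributes the flaw to lock-code data whose source is not validated. The sketch below is an added example, not Samsung's code: it shows the server-side checks that reject a cross-site forged remote-control request. The origin, session id, field names and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# All names below are hypothetical; this is not Samsung's code or API.
TRUSTED_ORIGIN = "https://findmy.example"   # placeholder service origin
SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret
STATE_CHANGING = {"lock", "unlock", "ring"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in the service's own pages."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer) is the service itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def authorize_command(method, headers, form, session_id):
    """Return (allowed, reason) for a remote-control request."""
    if form.get("action") not in STATE_CHANGING:
        return False, "unknown action"
    if method != "POST":
        return False, "state change requires POST"
    if not same_origin(headers):
        return False, "cross-origin source"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests for one logged-in session.
SESSION = "session-1234"
legit = ("POST", {"Origin": TRUSTED_ORIGIN},
         {"action": "lock", "code": "4821", "csrf_token": issue_csrf_token(SESSION)})
forged = ("POST", {"Origin": "https://other-site.example"},
          {"action": "lock", "code": "0000"})

if __name__ == "__main__":
    for name, req in (("legit", legit), ("forged", forged)):
        print(name, authorize_command(*req, SESSION))
```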


For now, Samsung smartphone users are being advised to turn off the Find My Mobile service, which, as Computerworld notes, is automatically enabled once a user registers for a Samsung account, or opens Galaxy Apps or Samsung Hub.
