Samsung 'Find My Mobile' Exploit Allegedly Lets Attackers Remotely Lock Your Phone

Advertisement
By NDTV Correspondent | Updated: 28 October 2014 18:55 IST

An Egyptian security researcher has allegedly found a vulnerability in Samsung's Find My Mobile service that enables unauthorised individuals to send remote lock, unlock, and ring commands to Samsung devices that support the service.

Also reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD), the Find My Mobile vulnerability has been given a high-severity rating at 7.8, with an exploitability sub-score of 10.0, due to its network exploitable nature, low access complexity, no authentication requirement, and disruption potential.

The NIST vulnerability summary states, "The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic."

Advertisement

Samsung has not yet responded to the reports of the Find My Mobile vulnerability, and is expected to issue an update to its Galaxy Apps suite to fix the problem.

Two proof-of-concept videos have been uploaded to YouTube by Egyptian security researcher Mohamed A. Baset (@SymbianSyMoh) that show the vulnerability being exploited with cross-site request forgery (CSRF) attacks, where he is able to insert scripts into Find My Mobile fields via the Web interface to force the service to lock, unlock, and ring a linked Samsung smartphone.

Notably, the CSRF attack used by Baset is able to lock a Samsung smartphone with a "specific device lock code" set by the attacker, essentially causing a denial of service to the smartphone owner. Baset was also able to set a custom message in each case (locking, unlocking, ringing).

Advertisement

For now, it is being recommended that Samsung smartphone users turn off the Find My Mobile service, which as Computerworld notes is automatically enabled once a user registers for a Samsung account, or opens Galaxy Apps or Samsung Hub.

Samsung
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Android, Exploit, Flaw, Samsung, Samsung Find My Mobile, Vulnerablity, Find My Phone, Galaxy Apps
Xiaomi Redmi Note 2 Purportedly Pictured; Tips 8-Megapixel Camera
Another Store Debuts Customer Service Robots, This Time in California
Advertisement

Related Stories

Google Is Reportedly Adding More Verification Layers in Play Store to Curb Sideloading Apps
19 January 2026
Android 17 May Redesign Notifications and Quick Settings With Split Layout
15 January 2026
CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability
14 January 2026
Google Play Store Could Soon Let Users Try Out Paid Games Before Purchasing Them: Report
8 January 2026
Samsung to Double Galaxy AI Mobile Devices to 800 Million Units This Year
5 January 2026
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Arc Raiders Will Get Multiple New Maps This Year, Says Embark
  2. Here's How Much the Realme P4 Power Could Cost in India
  3. JioHotstar Announces Monthly Subscription Plans Across All Tiers
  4. Realme Neo 8 Key Specifications Confirmed Ahead of January 22 Launch
  5. Viruses and Bacteria Evolve Differently in Space, ISS Study Finds
  6. Oppo K15 Turbo Pro Chipset, Display Details Revealed in New Leak
#Latest Stories
  1. Global RAM Shortage Is Reportedly Causing GPU, Storage Drive Prices to Skyrocket
  2. Viruses and Bacteria Evolve Differently in Space, ISS Study Finds
  3. Rockstar Games Said to Have Granted a Terminally Ill Fan's Wish to Play GTA 6
  4. Oppo K15 Turbo Series Tipped to Feature Built-in Cooling Fans; Oppo K15 Pro Model Said to Get MediaTek Chipset
  5. Samsung Galaxy Z Fold 8 Said to Feature Dual Ultra-Thin Glass OLED Panel to Reduce Crease Visibility
  6. Honor Magic 8 Pro Air Launched Alongside Honor Magic 8 RSR Porsche Design: Price, Specifications
  7. Realme Neo 8 Key Specifications Including 8,000mAh Battery, Ultrasonic Fingerprint Sensor Confirmed
  8. Astronomers Find Massive Iron-Rich Feature Lurking Under the Ring Nebula
  9. Asus Reportedly Halts Smartphone Launches ‘Temporarily’ to Focus on AI Robots, Smart Glasses
  10. JioHotstar Announces Monthly Subscription Plans Across Mobile, Super, and Premium Tiers
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.