The Find My Mobile vulnerability was reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD), which gave it a high-severity rating at 7.8, and an exploitability sub-score of 10.0 due to its network exploitable nature, low access complexity, no authentication requirement, and disruption potential.
The Samsung Find My Mobile vulnerability was also reported by Egyptian security researcher Mohamed A. Baset (@SymbianSyMoh), who also uploaded two videos showing the vulnerability being exploited with cross-site request forgery (CSRF) attacks. Baset said he was able to insert scripts into Find My Mobile fields via the Web interface to force the service to lock, unlock, and ring a linked Samsung smartphone.
Samsung responded to the reports on its global blog in a post titled, 'Samsung's Find My Mobile service is safe'. The South Korean consumer electronics giant said the "reported issue in Find My Mobile was fixed through an update on October 13, and no user information has been compromised. Even before the update, any data from the phone or on the server could not be accessed by the hacker."
It added, "Samsung Electronics takes the security of our products very seriously and remains committed to providing our customers with the best user experience."
The firm did highlight conditions (seen below) required for the "unlikely situation" in which an attacker could remotely lock, unlock, and ring a Samsung device, but once again stressed the attacker would not have been able to access data.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.