The Find My Mobile vulnerability was reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD), which gave it a high-severity rating at 7.8, and an exploitability sub-score of 10.0 due to its network exploitable nature, low access complexity, no authentication requirement, and disruption potential.
The Samsung Find My Mobile vulnerability was also reported by Egyptian security researcher Mohamed A. Baset (@SymbianSyMoh), who also uploaded two videos showing the vulnerability being exploited with cross-site request forgery (CSRF) attacks. Baset said he was able to insert scripts into Find My Mobile fields via the Web interface to force the service to lock, unlock, and ring a linked Samsung smartphone.
Samsung responded to the reports on its global blog in a post titled, 'Samsung's Find My Mobile service is safe'. The South Korean consumer electronics giant said the "reported issue in Find My Mobile was fixed through an update on October 13, and no user information has been compromised. Even before the update, any data from the phone or on the server could not be accessed by the hacker."
It added, "Samsung Electronics takes the security of our products very seriously and remains committed to providing our customers with the best user experience."
The firm did highlight conditions (seen below) required for the "unlikely situation" in which an attacker could remotely lock, unlock, and ring a Samsung device, but once again stressed the attacker would not have been able to access data.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.