According to a NIST report, Samsung’s Find My Mobile service has a loophole which could allow hackers to remotely mess with your Galaxy phone.
Both NIST (National Institute of Standards and Technology) and self-proclaimed “information security evangelist” Mohammed Basit have warned Samsung users that an exploit within their devices could let ill-intentioned people lock, ring or wipe their smartphones at will, without even getting their hands on the phones.
According to the report, attackers could flood a Galaxy phone with network information in order to gain access, because Sammy’s Find My Mobile service doesn’t validate lock code data. That means anyone with the locator service switched on is vulnerable to attack. There’s a video on YouTube of such an attack being carried out.
The really alarming thing is that Find My Mobile is usually switched on by default when you sign up for an account with Samsung, so unless you’ve been proactive and switched the service off manually, there’s a good chance that you’re at risk.
Samsung has yet to comment on the report but is expected to offer some sort of fix to the problem in the foreseeable future. Until then, it’s probably best to turn off Find My Mobile altogether as that’s the only way to guarantee security.
From what we can gather, the exploit doesn’t allow hackers to gain access to sensitive data, so we can’t see a ‘Fappening’-style disaster happening for Samsung users any time soon. Of course, once one exploit has been revealed, it’s often only a matter of time before hackers pull the thread in hope of unravelling the whole security blanket.