Hackers Can Remotely Wipe Any Samsung Phone Using The 'Find My Mobile' Feature

Advertisement

A security researcher has discovered a vulnerability in Samsung's "Find My Mobile" feature that could let hackers interfere with phones over the internet.

Advertisement

The Find My Mobile service lets Samsung customers track their devices, and lock or erase them if they get stolen. However, The Register reports that Mohamed Baset discovered that Samsung doesn't properly check where requests to Find My Mobile come from. This means that hackers can impersonate the device owners and interfere with the account.

So what can hackers do with this security flaw? They can display a customized message on the phone screen, or find the phone's most recent location on a map. A hacker who attacked someone through the service could also force phones to ring on full volume for a minute, or even erase all data on the phone.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Baset uploaded a video to YouTube showing just how easy it is to hack into Samsung phones using Find My Mobile.

The National Institute of Standards and Technology examined the hack, and issued this statement:

Advertisement

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

Computer World reports that the "Find My Mobile" vulnerability was given a 7.8 score in the Institute's seriousness scale, indicating that it could be harmful to a wide number of Samsung phone users.