Vulnerability in Find My Mobile service allows an attacker to get remote access to the Samsung smartphone

Services for detecting a stolen or lost phone, with the ability to remotely block, call or destroy information on a smartphone, exist at every large and medium-sized manufacturer. There are such services from Apple, HTC, and Samsung. The service is called Find My Mobile.

As it turned out, this service can be used not only by the owner of the phone, the attacker can work with it. Under certain conditions, a third-party person can access the management of a remote Samsung smartphone, with the same ability to lock the phone or erase all information from it.
')
Network security specialists have found that when sending a security code, Find My Mobile does not validate the information received. As a result, an attacker can flood the phone to gain control of the device.

So far, Samsung has not commented on the vulnerability.





Via engadget