According to latest reports Samsung’s Find My Mobile service which is developed to track your stolen and lost Galaxy smartphone is vulnerable to remote attack. The hackers can use the same service to attack your phone and even lock your phone with their own passcode.
This is a serious security problem as the service is used by millions of Samsung Galaxy users. National Institute of Standards and Technology (NIST) studies found out that “Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic”. It also rates the base score of the vulnerability at 7.8, impact score at 6.9 and exploitability score of 10 (all out of 10).
Samsung has not given any official statement on this matter till now, but we hope soon there will be some updates from Samsung on this security loophole. In the mean time you can deactivate the feature from Settings > More > Find My Mobile > Remote controls.
The following videos demonstrate how the vulnerability can affect your Samsung Galaxy phones.
