The National Institute of Standards and Technology issued a warning last week that Samsung’s Find My Mobile feature on some of its devices is very “hackable” due to numerous security vulnerabilities. The OEM has now issued a statement saying that the issue was already fixed early last month and assuring users that no information has been compromised, while also warning about how attackers may be able to access your device remotely.

The Find My Mobile service is available for Samsung smartphones and tablets running Gingerbread or higher, starting from the Galaxy S II. However, NIST published a report describing Cross-Site Request Forgery (CSRF) vulnerabilities in the feature. Samsung said that this was dealt with in an update released last October 13. That does not mean attackers cannot lock or unlock your device or even make it ring, but Samsung released a list of conditions under which you could be subject to attack.

All four of the conditions stated have to be met for the attack to be “successful”. First, the attacker has to send a link with malicious code through email, instant message or SMS, which the user then has to click. Even then, the attack will only work if the user has set the Find My Mobile Remote to “on” on the device and if the user has entered their ID and password on the Find My Mobile website, which usually logs you out automatically when you’re not using it.

Chances are, if you’re using the service, you would have done the last two items at least once. So the lesson here is, do not click any suspicious-looking link that strangers send you. Unless of course, one of your friends is the one trying to hack or attack your device, in which case, you had better pick better friends.
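The four conditions above are the usual shape of a CSRF problem: the browser attaches a logged-in user's session cookie to any request sent to the site, including one triggered by a link from someone else. The following is an added example, not Samsung's code and not from the NIST report, showing a generic server-side check that rejects such a request; the origin, session store and handler names are hypothetical.

```python
import hmac
import secrets

# Hypothetical names; constructed example, not Samsung's code.
TRUSTED_ORIGIN = "https://findmydevice.example"
SESSIONS = {}  # session id -> {"user", "csrf_token"}

def login(user):
    """Create a session with a CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def handle_cookie_only(request):
    """Weak: a live session cookie alone authorizes the action."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    return 200 if session else 401

def handle_with_csrf_checks(request):
    """Hardened: also require the site's own Origin and the session-bound token."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    # Strict policy: a missing Origin header is rejected as well.
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return 403
    sent = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403
    return 200

def demo():
    sid = login("alice")
    # Constructed requests; the browser sends the cookie with both logged-in ones.
    forged = {"cookies": {"sid": sid},
              "headers": {"Origin": "https://other-site.example"},
              "form": {"action": "ring"}}
    genuine = {"cookies": {"sid": sid},
               "headers": {"Origin": TRUSTED_ORIGIN},
               "form": {"action": "ring",
                        "csrf_token": SESSIONS[sid]["csrf_token"]}}
    logged_out = {"cookies": {}, "headers": {}, "form": {"action": "ring"}}
    return {"forged_weak": handle_cookie_only(forged),
            "forged_hardened": handle_with_csrf_checks(forged),
            "genuine_hardened": handle_with_csrf_checks(genuine),
            "logged_out_weak": handle_cookie_only(logged_out)}

if __name__ == "__main__":
    print(demo())
```

The logged-out case returns 401 even in the weak handler, which is why being signed in to the website is one of the required conditions.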

SOURCE: Samsung
