Samsung’s Find My Mobile feature, which is part of the Galaxy series of smartphones, has been found to include several security vulnerabilities. According to the available report, hackers can take advantage of them to manipulate the devices into running malicious actions.
Samsung Galaxy Phones Can Be Hacked Via the Find My Mobile Service Vulnerabilities
Samsung’s Find My Mobile service has been found to include several security vulnerabilities. This was reported by Pedro Umbelino, the cybersecurity researcher who found the issues. According to him, these multiple weak spots can be abused by hackers to execute malicious actions. The findings were shared at the DEFCON security conference, which took place last week.
The malicious apps can be delivered via all common distribution strategies. These include embedding the virus code in payload carriers, sending the files through phishing email messages, and uploading the malware to file-sharing networks and third-party app repositories.
There are four security weaknesses, all part of the Find My Mobile components, and they can easily be exploited by a rogue application. The only permission needed is access to the SD card. This access is required to trigger the first security bug, which starts the execution chain. At the end of this process the malware application creates a file which can be used for several malicious actions:
- Factory Reset
- Wipe Data
- Locate Services
- Phone Calls and Messages Access
- Locking and unlocking the home
The flaw was initially discovered last year and Samsung addressed it in October 19. However, the public disclosure was made at the DEFCON conference. The vulnerable devices are unpatched Galaxy S7, S8 and S9+ phones.