Samsung 'Find My Mobile' Flaw Allows Hacker to Remotely Lock Your Device
Oct 27, 2014
The National Institute of Standards and Technology (NIST) is warning users of a newly discovered Zero-Day flaw in the Samsung Find My Mobile service , which fails to validate the sender of a lock-code data received over a network. The Find My Mobile feature implemented by Samsung in their devices is a mobile web-service that provides samsung users a bunch of features to locate their lost device, to play an alert on a remote device and to lock remotely the mobile phone so that no one else can get the access to the lost device. The vulnerability in Samsung's Find My Mobile feature was discovered by Mohamed Abdelbaset Elnoby (@SymbianSyMoh) , an Information Security Evangelist from Egypt. The flaw is a Cross-Site Request Forgery (CSRF) that could allow an attacker to remotely lock or unlock the device and even make the device rings too. Cross-Site Request Forgery (CSRF or XSRF) is an attack that tricks the victim into loading a page that contains a specially crafted HT