Features offered by Samsung such as Find My Mobile are great if you’ve lost your phone and you’re trying to locate it, or if your phone has been stolen and you’re trying to remotely wipe the data so that whoever stole it cannot access its contents. Unfortunately, according to reports, a recently uncovered vulnerability in the feature turns the tables.
The government’s National Institute of Standards and Technology found that the “Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network.” What this means is that hackers could in theory use the same Find My Mobile feature to remotely lock you out of your own phone, setting a passcode of their choice in the process.
NIST has given the vulnerability a score of 7.8/10, an impact score of 6.9/10, and an exploitability score of 10/10. So far there haven’t been any reports of users who have been on the unfortunate end of this hack, so we guess we should be thankful for that. However, if you’d like to be safe in the meantime, you could temporarily disable the feature under Settings -> More -> Find My Mobile -> Remote Controls.
Samsung has yet to issue a statement or comment on the matter, but hopefully they will address it soon and issue a patch to fix it. To see the vulnerability in action, you can check it out in the video above.