Millions of Samsung devices may be at risk of attack due to a vulnerability in the firm's Find My Mobile service.
An Egyptian security researcher has discovered a way to hack into the service and remotely unlock handsets from a PC.
Once a hacker has access to a device, they can also change the PIN code, rendering it useless to the owner.
Uses beyond this are not known, and it is unclear whether hackers will be able to exploit it further to access personal information on the device.
Mohamad Baset posted a proof-of-concept video at the weekend that shows him hacking a device, unlocking it, changing the greeting message and remotely calling it.
His hack is controlled using the web on a PC.
There are three modes of attack seen in the video: remote mobile device lock, remote mobile device unlock, and remote device mobile ring.
The flaw has also been reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD).
The security researchers have given it a high-severity rating of 7.8, with an ‘exploitability sub-score’ of 10.0.
This means it is a relatively easy hack and doesn't require authentication.