Samsung flaw lets hackers remotely lock devices: Bug in the Find My Mobile service leaves handsets open to attack

Millions of Samsung devices may be at risk of attack due to a vulnerability in the firm's Find My Mobile service.

An Egyptian security researcher has discovered a way to hack into the service and remotely unlock handsets from a PC.

Once a hacker has access to a device, they can also change the PIN code rendering it useless to the owner.#WATCH video below:

Uses beyond this are not known, and it is unclear whether hackers will be able to exploit it further to access personal information on the device.

Mohamad Baset posted a proof-of-concept video at the weekend that shows him hacking a device, unlocking it, changing the greeting message and remotely calling it. 

His hack is controlled using the web on a PC.

There are three modes of attack seen in the video: Remote mobile device lock, remote mobile device unlock, and remote device mobile ring.  

The flaw has also been reported by the National Institute of Standards and Technology (NIST) in the US on its National Vulnerability Database (NVD).

The security researchers have given it a high-severity rating of 7.8, with an ‘exploitability sub-score’ of 10.0. 

This means it is a relatively easy hack and doesn't require authentication.

Egyptian researcher Mohamad Baset has posted a proof-of-concept video (screengrab pictured) that shows him hacking a device, unlocking it, changing the greeting message and remotely calling it. The flaw has also been reported by the National Institute of Standards and Technology (NIST)