NIST warned that an attacker who exploits the zero-day vulnerability in Samsung's ‘Find My Mobile’ service can remotely lock, unlock and ring the phone.
There are a plethora of “find my phone” type apps, but if your Android is a Samsung and you use Find My Mobile then you should know that NIST is warning about a zero-day in the service.
Samsung’s Find My Mobile remote control “features” include lock my device, ring my device, locate my device, wipe my device, unlock my screen, call logs, SIM change alert and register a personal guardian. The service is not enabled by default; instead it is automatically enabled after registering for a Samsung account.
According to the National Institute of Standards and Technology (NIST):
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.