Zero-Day Flaw In Samsung FindMyMobile Allows Denial Of Service Attack


A zero-day flaw found in Samsung FindMyMobile web service allows an attacker to cause denial of service on target's device. NIST (National Institute Of Standards And Technology) wrote " The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic."

FindMyMobile ?
FindMyMobile is a web service offered by Samsung to ensure user's mobile data security. If a user lose the device, FindMyMobile offers many options like: tracing the current location of device, lock the device, ring the device, SIM change alerts and lots more.

Here is two YouTube videos demonstrating the Zero-Day Flaw in FindMyMobile. In these videos Security expert Mohamed Abdelbaset Elnoby demonstrates how to lock,unlock, and ring target's device remotely.



No comments

Powered by Blogger.