Samsung's Find My Mobile service is safe from hackers, according to the Korean giant.
Samsung responded this week to a warning from the National Institute of Standards and Technology (NIST), which found that the service, used for locating Galaxy devices remotely, was vulnerable to certain hack attempts. The issue was fixed through an update on October 13.
“No user information has been compromised,” Samsung noted in a posting on its website. “Even before the update, any data from the phone or on the server could not be accessed by the hacker.”
NIST issued the advisory after a demo showed up on YouTube, illustrating how the Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network. That makes it easier for remote attackers to cause a denial of service (screen-locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.
Samsung, meanwhile, said that prior to the update, “an attacker could lock/unlock user's device and make the device ring (but not access any data).” The attacker could send a link containing malicious code to execute an exploit, but the Find My Mobile user would first need to switch Find My Mobile Remote Controls 'on' on his/her device and log on at the Find My Mobile website with an ID and password before clicking the link, which could be sent by email, instant message or SMS.
Find My Mobile is available on some devices, from the Galaxy S II, that run Android 2.3.3 Gingerbread or higher.
“Samsung Electronics takes the security of our products very seriously and remains committed to providing our customers with the best user experience,” Samsung said.
The issue comes shortly after Samsung answered allegations that its encrypted Samsung Knox operating system (which has been cleared for use by the US Department of Defense and the UK government) has encryption flaws.