Find My Phone does just one thing but Samsung's messed it up

Hackers can p0wn smartmobes through handset location services


Researcher Mohamed Baset has reported a zero day flaw that allows hackers to lock a host of Samsung phones with the lost device feature.

Baset (@SymbianSyMoh) uploaded a proof of concept video to YouTube showing how to lock a Samsung phone using a cross site request forgery vulnerability in the Find My Mobile feature.

Phones could be remotely locked, unlocked, or made to ring, Baset demonstrated.

The US National Vulnerability Database warned the wider public about the flaws in an advisory rated in risk 7.8 out of 10.

"The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic," the agency wrote.

The value of locking and ringing Samsung phones en masse was obvious for frequenters of web cesspits such as 4Chan but it could open an opportunity for others to hold owners to ransom.

There's precedent for such attacks: last May an attacker using the handle "Oleg Pliss" locked scores of antipodean iPhones and demanded $50 to unlock the devices.

That bid failed miserably despite the efforts of a few victims to pay up because Pliss failed to register the payable email address, while users still had the option of wiping their devices.®

Broader topics


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Top chip foundries grow amid electronics spending slowdown. Except Samsung
    Chaebol hit by lower demand for smartphones and TVs plus 4nm yield issues

    The demand for consumer electronics has slowed down in the face of inflation – but that didn't stop nine of the world's 10 largest contract chip manufacturers from growing in the first three months of the year.

    That's according to Taiwanese research firm TrendForce, which said on Monday the collective revenues for the top 10 chip foundries grew 8.2 percent to $31.96 billion in the first quarter of 2022 from the previous quarter. That's a hair slower than the 8.3 percent quarterly growth reported for the top-ten foundries in the fourth quarter of last year.

    On a broader level, TrendForce said this revenue growth came from a mix of "robust wafer production" and foundries continuing to raise the prices of wafers as a result of high demand.

    Continue reading
  • Samsung said to be sniffing around European chipmakers
    Fresh out of jail on corruption charges, the company's leader goes shopping

    Samsung vice chairman Lee Jae-yong is said to be courting Dutch chipmaker NXP on a visit to Europe to bolster the company's position in the automotive semiconductor market.

    According to the Asian Tech Press, Jae-yong, who has been released on probation after serving time on corruption charges, is expected to visit several chipmakers and semiconductor manufacturing vendors including the Netherland's NXP and ASML, as well as Germany's Infineon. Press became aware of Jae-yong's plans after a Seoul Central District Court approved the vice chairman's travel plans.

    NXP offers a wide array of microprocessors, power management, and wireless chips for automotive, communications, and industrial applications. However, the Asian Tech Press said Samsung's interest in the company, which is valued at approximately $56 billion, is primarily rooted in the company's automotive silicon.

    Continue reading
  • If you're using older, vulnerable Cisco small biz routers, throw them out
    Severe security flaw won't be fixed – as patches released this week for other bugs

    If you thought you were over the hump with Patch Tuesday then perhaps think again: Cisco has just released fixes for a bunch of flaws, two of which are not great.

    First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it's not going to fix. In other words, junk your kit or somehow mitigate the risk.

    Both of these received a CVSS score of 9.8 out of 10 in severity. The IT giant urged customers to patch affected security appliances ASAP if possible, and upgrade to newer hardware if you're still using an end-of-life, buggy router. We note that miscreants aren't actively exploiting either of these vulnerabilities — yet.

    Continue reading
  • Halfords suffers a puncture in the customer details department
    I like driving in my car, hope my data's not gone far

    UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.

    Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars.

    In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference].

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Symantec: More malware operators moving in to exploit Follina
    Meanwhile Microsoft still hasn't patched the fatal flaw

    While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.

    Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.

    In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

    Continue reading

Biting the hand that feeds IT © 1998–2022