Big security flaw lets hackers remotely wipe Samsung phones

Samsung Android phones have been discovered to have a security flaw that allows hackers to remotely control a phone over the Internet, and perform several tasks including locking and unlocking the device, finding its location on a map, displaying a customized message on the screen, and even wiping it without the owner being able to do anything about it. Furthermore, the security flaw could be used in more advanced hacks such as ransom attacks, The Register reports.

Researcher Mohamed Baset discovered a zero-day flaw in Samsung’s Find My Mobile feature, which should let users find their lost or stolen devices. However, it looks like Samsung isn’t checking where Find My Mobile requests come from, which means hackers can impersonate device owners.

The U.S. National Vulnerability Database acknowledged the hack, giving it a 7.8 out of 10 risk rating.

“The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic,” the agency said in an advisory notice.

Samsung has yet to address this particular security issue. A video showing the flaw being exploited, uploaded on YouTube by “Baset,” follows below.

This article was originally published on BGR.com
