Friday, November 7, 2014

0-day flaw in Samsung 'Find My Mobile' service

Samsung smartphones users are being warned by National Institute of Standards and Technology (NIST) due to a newly discovered zero-day security flaw found in its 'Find My Mobile' service. The issue occurs due to improper validation of a lock-code data of the sender received during communication. 'Find My Mobile' service provides users to locate their lost devices and allow users to lock down their devices remotely so that no one else is able to access it. Cyber security researcher Mohamed Abdelbaset Elnoby is credited for finding out security vulnerability in the service. The flaw allows remote attackers to lock or unlock the affected device via CSRF attack. <more>

No comments: