We don’t normally harp on about Android security, but it seems for 2 days in a row now issues in that OS has demonstrated why its a pretty good idea not to use one of Google’s devices.
Security researcher Mohamed Baset has demonstrated a vulnerability in Samsung’s Find My Mobile feature which lets random hackers lock, ring and wipe your Samsung Android handset.
As it turns out, Find My Mobile doesn’t validate the lock code information it gets — an attacker just has to flood the target device with network traffic to get control.
The feature is enabled by default for anyone who registered for a Samsung account.
The NIST rated the exploit as 7.8/10, the impact score as 6.9 and the exploitability score at 10. It further classified CVE-2014-8346 to have a network exploitable access vector with a low complexity to exploit; it requires no authentication in order to disrupt service.
It is suggested that users disable the Find My Mobile feature until Samsung releases a fix, but I think we can add buying a Windows Phone is a viable solution also.