Android security is a joke: Part 2

Home » News

Reading time icon 1 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

We don’t normally harp on about Android security, but it seems for 2 days in a row now issues in that OS has demonstrated why its a pretty good idea not to use one of Google’s devices.

Security researcher Mohamed Baset has demonstrated a vulnerability in Samsung’s Find My Mobile feature which lets random hackers lock, ring and wipe your Samsung Android handset.

As it turns out, Find My Mobile doesn’t validate the lock code information it gets — an attacker just has to flood the target device with network traffic to get control.

The feature is enabled by default for anyone who registered for a Samsung account.

The NIST rated the exploit as 7.8/10, the impact score as 6.9 and the exploitability score at 10. It further classified CVE-2014-8346 to have a network exploitable access vector with a low complexity to exploit; it requires no authentication in order to disrupt service.

It is suggested that users disable the Find My Mobile feature until Samsung releases a fix, but I think we can add buying a Windows Phone is a viable solution also.

Via Engadget and Computerworld.com, Image credit Raffayhackingarticles

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages