"Flaw in Find My Mobile App Exposed Samsung Users to Hacking Attacks"

Security researchers at Char49 found vulnerabilities in version 6.9.25 of Samsung's Find My Mobile (FMM) service. The FMM application is intended to help users locate their Samsung devices if they lose them. The exploitation of these vulnerabilities could allow a malicious application to take over the communications between the FMM application and its management servers. A range of malicious activities could be executed through the abuse of flaws in the FMM application, including resetting phones to factory settings, locking phones with a custom message, as well as stealing SMS messages, call logs, and more. The flaw-ridden version of FMM was discovered in  Samsung Galaxy S7, S8, and S9 smartphone models. This article continues to discuss the vulnerabilities found in Samsung's FMM application, the attacks that could be performed against users by abusing the flaws, and other findings surrounding the masquerading of malicious applications as popular applications to hijack Android devices.

TEISS reports "Flaw in Find My Mobile App Exposed Samsung Users to Hacking Attacks"