Samsung Galaxy Phones Were Vulnerable to ‘Find My Mobile’ Flaws

Silviu STAHIE

August 17, 2020

After security researchers found four critical flaws in the Find My Mobile app on Samsung Galaxy devices, Samsung fixed them quietly and pushed the patches out; the details only became public at DEF CON 2020.

Phone and OS makers release updates frequently. Stock Android receives monthly security updates, and many of those fixes trickle down to other manufacturers such as Samsung.

Security researchers from Char49 found the four critical flaws, which affected the Find My Mobile feature on the Samsung Galaxy S7, S8 and S9. An attacker could force a factory reset, track the device's location in real time, retrieve phone calls and messages, lock the phone, and more.

The researchers found a way to trick Find My Mobile into using a different URL to communicate with the Samsung servers. The attacker then stands up a server at that URL and impersonates Samsung's management backend, which gives them complete control over what the device is told to do.

“At server side, the attacker has lots of sensitive information. To start, the victim's coarse location via the IP address of the request, but also several PIIs, both registrationIds (from the 2 requests) and the victim's IMEI,” the researchers say.

“This alone allows for user tracking. The attacker also gets, among others, device brand, API level, backup apps and several other pieces of information not important for this attack scenario. The interesting thing is that we are in control of the server response and the response is full of URLs. By changing the response to an attacker-controlled endpoint, the attacker has now leveraged from one to almost all connections that FMM uses and can MitM all of them,” they continue.

Chained together, the vulnerabilities enable a man-in-the-middle attack that exposes the user's personal information entirely to whoever controls the rogue management server. Samsung fixed the issues last year, but the researchers only disclosed them in a presentation at DEF CON 2020.
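The two sides of the hijack described above, as an added example that is not code from the original article, from Char49 or from Samsung: a rogue server rewrites every URL in a (constructed) management response to an attacker-controlled host, and a client-side allowlist check shows the kind of validation that stops a device agent from following server-supplied URLs to an untrusted host. The JSON field names, hostnames and response body are invented for illustration, and the allowlist check is a generic mitigation, not a description of Samsung's fix.

```python
"""
Added example (not code from the original article, Char49 or Samsung).
Models the two halves of the attack described above:
  1. a rogue "management server" that takes the URLs in a legitimate
     response and rewrites them to an attacker-controlled host, and
  2. the check a device agent should apply before following any
     server-supplied URL: an exact-host allowlist over HTTPS.
All field names, hosts and the response body are constructed for this
example; the real Find My Mobile protocol is not documented here.
"""
import json
from urllib.parse import urlsplit

# Constructed stand-in for a legitimate management-server response.
LEGIT_RESPONSE = {
    "registrationId": "reg-0001",  # hypothetical value
    "commandUrl": "https://fmm.samsung.example/api/command",
    "locationUrl": "https://fmm.samsung.example/api/location",
    "backup": {"uploadUrl": "https://backup.samsung.example/upload"},
    "pollIntervalSec": 300,
}

# Hosts the agent is willing to talk to (constructed allowlist).
ALLOWED_HOSTS = {"fmm.samsung.example", "backup.samsung.example"}


def rewrite_urls(obj, attacker_host: str):
    """Attacker side: walk a JSON-like response and point every http(s)
    URL at attacker_host, keeping path and query so the client keeps
    behaving normally. This is what "changing the response to an
    attacker-controlled endpoint" amounts to once the attacker sits at
    the server side."""
    if isinstance(obj, dict):
        return {k: rewrite_urls(v, attacker_host) for k, v in obj.items()}
    if isinstance(obj, list):
        return [rewrite_urls(v, attacker_host) for v in obj]
    if isinstance(obj, str) and obj.startswith(("http://", "https://")):
        parts = urlsplit(obj)
        query = f"?{parts.query}" if parts.query else ""
        return f"https://{attacker_host}{parts.path}{query}"
    return obj


def is_trusted_url(url: str) -> bool:
    """Client side: accept only https URLs whose exact hostname is on the
    allowlist. urlsplit().hostname strips userinfo and port, so
    'https://fmm.samsung.example@evil.example/' resolves to evil.example
    and is rejected; suffix tricks like 'fmm.samsung.example.evil.example'
    fail the exact-match test."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.hostname is None:
        return False
    return parts.hostname.lower() in ALLOWED_HOSTS


def collect_urls(obj):
    """Yield every string that looks like a URL in a JSON-like structure."""
    if isinstance(obj, dict):
        for v in obj.values():
            yield from collect_urls(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from collect_urls(v)
    elif isinstance(obj, str) and obj.startswith(("http://", "https://")):
        yield obj


def accept_response(raw: str):
    """Parse a server response and return it only if every URL it carries
    is trusted; otherwise return None so the agent keeps its last-known
    good endpoints instead of following the attacker's."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if all(is_trusted_url(u) for u in collect_urls(data)):
        return data
    return None


if __name__ == "__main__":
    hijacked = rewrite_urls(LEGIT_RESPONSE, "fmm-mitm.attacker.example")
    print("legit accepted:   ", accept_response(json.dumps(LEGIT_RESPONSE)) is not None)
    print("hijacked accepted:", accept_response(json.dumps(hijacked)) is not None)
```

Rejecting the whole response when any single URL fails the check, rather than dropping only the bad fields, is deliberate: a response that mixes trusted and untrusted endpoints is itself evidence that something between the device and the real server has been tampered with.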

This is one more reason to keep your devices up to date, especially those in the IoT ecosystem. Not every developer is quick to fix security issues, so it is always good to see some choose to issue fixes as soon as possible.
