Samsung’s Find My Device feature found on many of its smartphones and tablets has reportedly suffered from a security flaw, which could allow criminals to turn its functionality against you. According to security researcher and self-described “bug hunter” Mohamed A. Baset, who filmed the flaw in action, by flooding a vulnerable Samsung Galaxy phone with data, it’s possible to gain control and remotely ring, lock or even wipe the device.
Updated on 10-29-2014 by Andy Boxall: Added in a statement from Samsung, saying the problem has been fixed.
The good news is, Samsung has fixed the flaw. In a statement given to us, Samsung says the “reported issue occurred on the Find My Mobile website, and was not a problem with any mobile device.” Best of all, Samsung was on top of it anyway, and patched the affected Web UI on October 13. If you were worried about using Samsung’s Find My Device feature, then don’t be anymore.
It was initially a concern because the Find My Device feature is often activated when a new phone is setup, and linked to your Samsung account. While you’d probably be very unlucky to be affected by the security issue, the ramifications could have been costly should the worst have happened.
Details about how it may have affected your phone were published on the National Vulnerability Database website. It called the complexity “low,” which means it wasn’t hard to perform, and that the affected software is either enabled by default, or in wide use.
With news Samsung has fixed the website problem, you may want to re-enable Find My Device on your phone, or just check to make sure it’s still active. Here’s how to do so.
Find the Settings button on your Galaxy phone, and select Security under the More tab. Find My Mobile should be listed, and under it you’ll see the Remote Controls option. By opening this and agreeing to the conditions, you’ll find a toggle for turning the feature on and off. This guide is applicable to most Galaxy phones running Android, but for more information on your personal device, you can check Samsung’s website here.
Article originally published on 10-28-2014