Samsung Ransom Exploit

[Mew]

Looks like Samsung isn't immune to having your phone being held ransom.

The warning came from the National Institute of Standards and Technology (NIST), a U.S. government agency under the U.S. Department of Commerce umbrella.  The vulnerability pertains to the "Find My Mobile" feature, which was introduced this year with the launch of the Galaxy S5. 

 

According to the NIST security advisory on the bug (CVE-2014-8346):

 

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

 

The NIST advisory rates the zero-day bug using the Common Vulnerability Scoring System (CVSS).  It assigns it a 7.8/10 in terms of vulnerability 6.9/10 in terms of impact, and 10/10 in terms of exploitability.   - See more at: http://www.dailytech.com/Samsungs+Remote+Wipe+Could+Let+Hackers+Hold+Your+Phone+Ransom/article36790.htm#sthash.VGQTZe0s.dpuf

 

 

I find exploits like this and the one on Apple's Find my iPhone to be exceptionally dirty- exploiting such a useful tool that the manufacturer spent time on out of the goodness of their hearts. I hope Samsung is able to fix this quickly.

 

Source: http://www.dailytech.com/Samsungs+Remote+Wipe+Could+Let+Hackers+Hold+Your+Phone+Ransom/article36790.htm

[Techhog]

Welp, that makes me more comfortable choosing the Nexus 6 as my new tablone.