Recently, the security researchers detected a new security vulnerability in the Samsung Phones Find My Mobile app, allow hackers to Perform remote attacks.
This security vulnerability is quite severe as it enables the threat actors to remotely track victims’ in real-time place or location, monitor phone calls, and messages, not only this but it also gets the authorization to delete data that are stored on the phone.
It was detected last week by the security researchers of Char49 in the Samsung Phone. The experts affirmed that those who have a Samsung Galaxy phone or tablet, then they must use the Locate My cellular service as this service grants much-needed reassurance.
The security researchers of Char49 shared all the key details of this vulnerability in the DEF CON conference last week.
- Package: com.samsung.android.fmm
- Application Label: Find My Mobile
- Process Name: com.samsung.android.fmm
- Version: 6.9.25
The Flaws Detected
There are a total of four flaws that have been detected in the Find My Mobile app of Samsung Phone, and here they are mentioned below:-
fmm.prop test file Vulnerability
This vulnerability can be installed on the phone with the help of any malicious app, as these apps change the URL endpoints that the Find My Mobile app uses to interact with the backend servers. Once the URL gets altered, it enables the threat actor to create a man in the middle outline, as it helps in observing the “Find My Mobile calls.”
The second flaw deals with the three exported broadcast receivers that are PCWR receivers, and any permissions do not protect these services. Broadcast receivers enable the applications to receive intent that are broadcastable by the system or by any other applications. So, it helps the threat actor to monitor or control the traffic from the Find My Mobile app.
The third flaw is also generated by one of the broadcast receivers that is SPPRecivers. In this, the threat actors can easily send leverage to the vulnerability by simply sending a broadcast with some specific actions to the broadcast receivers. This helps the attackers to get in and modify the server response so that they can include some actions as per their requirements.
DM SyncML:auth Vulnerability
The fourth flaw was a glitch; it is a base64 coded string that helps to authenticate all the messages from the servers. The researchers detected that an issue in the authentication process enables the server to accept all severe replies.
Experts are still trying their best to solve all these vulnerabilities; however, Samsung has detected many flaws earlier also, and are very successful in determining and solving them. The company asserted that they would surely determine this vulnerability, but until then, they ask all users to be safe and follow all the instructions that are given by them.