An exploit in Samsung’s ‘Find My Mobile’ service could remotely wipe your phone

If you’re using Samsung’s own ‘Find My Mobile’ service to keep an eye on your phone, you might want to swap over to Android Device Manager pretty soon. As it turns out, there’s an exploit that will allow nefarious individuals to remotely access your phone and ring, lock, or wipe it.

Apparently Find My Mobile doesn’t validate the lock code information that it receives, so all someone needs to do to gain access is to flood a device with network traffic.

You can see the exploit in action in the videos below, and since Find My Mobile activates as soon as you sign up for a Samsung account, everyone with a Samsung phone is likely to be affected.

In the meantime, all you can really do to be safe is to deactivate Find My Mobile altogether. While this may seem like a strange thing to do, there is always Android Device Manager as a back-up system.

Tom Pritchard