Baset, aka SymbianSyMoh, that demonstrate exploiting Cross-Site Request Forgery (CSRF) vulnerabilities in the Find My Mobile service that would allow an attacker to remotely lock, unlock and ring the phone. NIST linked to two proof-of-concept videos posted by Egyptian security researcher Mohamed A. When using “ring my device,” the device rings at maximum volume for one minute even if the phone is on vibrate it can also display a message such as “This is a lost device.” There is also an option for remotely wiping the device. Please keep it for a while, and I will contact you.” Samsung NISTĪs an example, the Find my Mobile how-to for Galaxy S5 suggests that if you lose your phone, then first remotely “lock my device” and display a message such as “This device is lost. It further classified CVE-2014-8346 to have a network exploitable access vector with a low complexity to exploit it requires no authentication in order to disrupt service. With 10 representing maximum impact severity on the Common Vulnerability Scoring System ( CVSS), NIST ranks the base score as high at 7.8, the impact score as 6.9 and the exploitability score at 10. The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.
0 Comments
Leave a Reply. |