By B.N. Frank
Are smartphones and other “smart” devices more trouble than they’re worth? In addition to the recent discovery that government tracking software was installed on hundreds of mobile apps, Samsung is now fixing flaws on their Galaxy smartphones that allow spying AND data wiping.
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Researchers have disclosed a slew of critical-severity, patched flaws in flagship Samsung smartphones – including the Galaxy S7, S8 and S9 models. The vulnerabilities specifically stem from Samsung’s “Find My Mobile” service, a feature built into the smartphones allowing users to locate their devices if they lose them.
Researchers with Char49, who discovered the four glitches, said that if a bad actor convinced a target to download a malicious application onto their device, the flaws could have been chained together to launch various, insidious attacks. These could ultimately have resulted in complete data loss for the smartphone user (via a factory reset). Attackers could also track users’ real-time locations, spy on phone calls and messages, lock users out of their phones, or unlock phones.in a real-life attack, that could mean that “when attacked, the device can be spied on or, in the worst-case scenario, wiped clean of all its data, without the victim even perceiving what was happening, exposing the victim to situations of blackmail and extortion,” said researchers with Char49 in an analysis of the flaws [PDF].
Researchers told Threatpost that the vulnerabilities were first reported to Samsung Feb. 21, 2019, and quietly fixed by the smartphone company on April 7, 2019. However, the flaws were not disclosed until this past Friday, when Char49 researchers presented them during a DEFCON session.
Additionally troubling – there are lawsuits and recalls on several cell phone models due to illegally high levels of radiation (see 1, 2, 3). Of course, even if you don’t use any of these models – there’s plenty of research already that says exposure to ALL cell phones and wireless devices is harmful.