Exploit lets remote attackers lock your Samsung phone

Samsung Galaxy Alpha

If you're using Samsung's Find My Mobile service to keep tabs on your Galaxy phone's whereabouts, you may want to stop using it for a while. Both NIST and security researcher Mohamed Baset are warning about an exploit that lets evildoers remotely lock, ring or wipe Samsung smartphones. As it turns out, Find My Mobile doesn't validate the lock code information it gets -- an attacker just has to flood the target device with network traffic to get control. Since the locator tool normally turns on when you sign up for a Samsung account, there's a real chance that you're vulnerable.

We've reached out to Samsung for its take on the vulnerability, and we'll let you know what it has to say about a fix. For now, though, the only surefire way to avoid any rude surprises is to turn off Find My Mobile altogether and take the chance that you won't be mugged. You might not want to visit any dark alleys in the near future.