Samsung Droid smartphone users might want to think twice about using the popular “Find My Mobile” feature.
The National Institute of Standards and Technology (NIST) has issued a warning about a highly exploitable vulnerability in the program that allows hackers to lock the phones remotely.
Samsung has not yet commented on the flaw, which NIST scored as a 7.8 out of 10 on its severity scale. By comparison, NIST gave the recent Shellshock bug, which potentially allowed hackers to remotely take over computers worldwide, a perfect 10.
Shellshock affected a software system found in 70 percent of Internet-connected machines.
Samsung makes up roughly a quarter of the smartphone market, leading other manufacturers, according to the International Data Corporation, a market research firm.
NIST explained that Samsung mobile devices don’t validate the source of a lock request received over its network. That makes it “easier” for attackers, NIST said.
Egyptian security researcher Mohamed Baset posted two YouTube videos exposing the vulnerability.