The audit allowed the team of the Portuguese company to find a series of vulnerabilities that, combined and through the Find My Mobile application, paved the way for attacks that seriously compromised the security of data stored on smartphones.
It was carried out in 2019, still on the Samsung S8, and the flaws were communicated to the brand and are now resolved. Despite having been identified in this equipment, the problems also affected the versions of the Samsung Galaxy S7 and S9.
CHAR49 revealed the research process (detection and resolution) of flaws that allowed malicious applications to take control of Samsung devices.
The flaw made it easier to reinstall factory settings, stealing SMS messages, call logs and locking the device with the PIN. To do this, he used the features of the Find My Mobile application, which Samsung developed so that the owners of the equipment could locate their phone or tablet, protect their data and even unlock the device in case of forgetting the pattern, PIN or chosen password.
After the problem was identified, CHAR49 developed a proof of concept (PoC) application and the server-side code needed to implement this attack, disclosing the vulnerabilities to Samsung, worked together to correct the flaws.
The updates were then sent via the Galaxy Store, so it is now important for users of Samsung devices who have not yet updated their phones to confirm that they are running the latest version of the Find My Mobile application.