Flaws on Samsung's site left users vulnerable to attacks

Three flaws, since patched, were recently found in Samsung’s mobile site. They left Samsung users vulnerable, since hackers could gain access to and control over user accounts and information.

“Due to the vulnerabilities, it was possible to hack any account on account.samsung.com if the user goes to my page. The hacker could get access to all the Samsung user services, private user information, to the cloud,” bug hunter Artem Moskowsky explained to The Register.

The bugs were all cross-site request forgery (CSRF) flaws and stemmed from security problems involving the questions used to reset a password. More precisely, the Samsung.com web app was not correctly verifying the “referer” header, which would allow any site to have access to important data.

In other words, after exploiting the CSRF flaw and changing the security questions to ones of their choosing, the attacker would have full access to the user profile, with the possibility of disabling two-factor authentication and changing the user name and password.
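
To make the referer-check failure concrete, here is an added example (not Samsung's code, and not from the original article) that runs a loosely written check beside a strict one over constructed request headers. The host `account.example.com`, the form of the weak check and the function names are assumptions for illustration; the strict version also consults the `Origin` header, which goes slightly beyond what the article describes.

```python
from urllib.parse import urlsplit

# Assumed placeholder origin for the application (scheme, host, port).
TRUSTED_ORIGINS = {("https", "account.example.com", 443)}
DEFAULT_PORTS = {"https": 443, "http": 80}


def weak_referer_ok(headers):
    """Flawed check (assumed for illustration): substring match, missing header allowed."""
    referer = headers.get("Referer", "")
    return referer == "" or "account.example.com" in referer


def strict_source_ok(headers):
    """Accept a state-changing request only from an exactly matching origin."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return False  # no source information: refuse rather than guess
    try:
        parts = urlsplit(value)
        port = parts.port
    except ValueError:
        return False  # malformed URL or port
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    host = (parts.hostname or "").lower()
    return (parts.scheme, host, port) in TRUSTED_ORIGINS


# Constructed sample requests to a "change security question" endpoint.
SAMPLES = [
    {"Referer": "https://account.example.com/settings"},
    {"Referer": "https://account.example.com.evil.test/page"},
    {"Referer": "https://evil.test/?ref=account.example.com"},
    {},  # Referer suppressed by the sending page
    {"Origin": "null"},
]


def compare(samples=SAMPLES):
    """Return (weak_result, strict_result) for each sample request."""
    return [(weak_referer_ok(h), strict_source_ok(h)) for h in samples]


if __name__ == "__main__":
    for sample, result in zip(SAMPLES, compare()):
        print(sample, "weak=%s strict=%s" % result)
```

Header checks like this work best as defense in depth alongside per-session anti-CSRF tokens and `SameSite` cookies on sensitive actions such as security-question changes.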

Samsung paid Moskowsky USD 13,300 for finding the bugs. In October, he earned USD 20,000 for finding a bug in Steam.
