Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification
An anonymous reader quotes a report from The Register: Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them. Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur. Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system -- unlocking the bootloader and reformatting with a new third-party, customized ROM. Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing. A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed." She added: "We will be contacting those affected by the issue with further details."
from Slashdot https://ift.tt/2SVSk4w
Read more of this story at Slashdot.
from Slashdot https://ift.tt/2SVSk4w
0 Response to "Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification"
Post a Comment