Serious Vulnerability Discovered in Samsung Galaxy S4’s Cloud Service
We all know and love the Android king, the Samsung Galaxy S4. Sales are booming and everything looks just peachy, Samsung also prepared various versions of its current flagship, like the Galaxy S4 Google Edition, the S4 Zoom, the S4 Active and the like.
But be aware of the fact that if you are the proud owner of a Samsung Galaxy S4, you may be a victim of abuse. A very serious security vulnerability was revealed in the Korean flagship, and it consists in the possibility of sending text messages from a hacked S4 without the owner ever knowing it.
The security issue was discovered and highlighted by an antivirus company from China, Qihoo 360 Technology, and they told us that the vulnerability has to do with the “cloud backup” option, which is present in the Samsung Galaxy S4 and it can be exploited and abused, because it’s not secure enough.
The hole in the cloud backup security was first discovered about two weeks ago and those who revealed it contacted Samsung Mobile immediately, reporting the issue. According to sources inside the company, Samsung is working on the matter and it is expected to launch an update which will take care of the problem as soon as possible.
The security vulnerability may be exploited by a malicious app, downloaded via a counterfeit link or something like that, and it could be possible that the attacker will send fraudulent SMS’s from your Galaxy S4, like scam messages, or he can order premium rate services via the same short text messages, billing you for them. That’s already a classic, nothing to see here, moving along.
Another cool thing about the cloud backup vulnerability is that the hacker can stole your identity and send fake SMS’es, allegedly coming from you, to everyone in your contact list, scam messages, that is, the phishing kind. The victims will receive counterfeit links in the messages coming from you, which may be used to collect their private information, credit cards, DoB and the like.
The Chinese antivirus company advised its clients to disable the cloud backup feature in the Samsung Galaxy S4 when it’s not used, in order to prevent hacking. Also, they developed a temporary fix, until Samsung will released the security patch.
Source : TheHackerNews