Reserve the next Galaxy, Get a $50 Samsung Credit. New deals, S25 Ultra, Watch Ultra.
Login or Join

Search

    BEST PICKS BY OUR SAMSUNG EXPERTS
    HOT RIGHT NOW
    galaxy s25 ultra – samsung apps
    Order the King of Android!
    Buy now
    Latest reviews
    samsung galaxy ai
    Feel the power of Galaxy AI in the palm of your hands!
    All About Galaxy AI
    BEST PICKS BY OUR SAMSUNG EXPERTS
    HOT RIGHT NOW
    TV
    samsung qd-display explained
    Mihai Matei Explaining Samsung's QD-Display technology
    Best TV ever
    Trending
    samsung galaxy s24 one ui 7 update
    Everything about the latest version of One UI
    One UI 7.0
    Trending
    Samsung Galaxy AI vs. Apple Intelligence
    Opinions
    20250304_090612
    Your all-in-one post!
    Know what's going on at Samsung
    BEST PICKS BY OUR SAMSUNG EXPERTS
    hot right now
    vacuum cleaners
    samsung-digital-appliances-bespoke-ai-jet-ultra-worlds-most-powerful-cordless-stick-vacuum-cleaner_main1
    Bespoke AI Jet Ultra
    Order yours today!

    Last updated: December 14th, 2018 at 00:02 UTC+01:00

    SamMobile has affiliate and sponsored partnerships, we may earn a commission.

    Samsung fixed a bug that could have allowed hackers to takeover user accounts

    Naresh

    Reading time: 2 minutes

    samsung cloud
    General
    Getting your Trinity Audio player ready...
    According to a report on ZDNet, Samsung fixed a vulnerability in its account management system that could have allowed hackers to take control of any Samsung account by tricking users into clicking on a malicious link. The vulnerability was discovered by a Ukrainian bug bounty hunter, Artem Moskowsky, who reported it to Samsung this month.

    The exploit is classified as a Cross-Site Request Forgery (CSRF) vulnerability – a term used to denote vulnerabilities that allow hackers to hoodwink a browser into running hidden commands on other sites that the users are logged into while they're on the hacker's site.

    Three CSRF vulnerabilities discovered

    Moskowsky discovered three CSRF vulnerabilities in Samsung's account management system – all of which involve a user clicking on a malicious link. The first vulnerability allowed attackers to modify account profile details; the second one permitted them to disable two-factor authentication (if enabled), while the third and the most severe vulnerability let hackers change the user’s account security question and answer.

    Advertisement

    The third vulnerability was catastrophic since Samsung allowed resetting account passwords by answering security questions. This meant an attacker could initiate a password recovery on the account login page and reset the password using the new security question, thereby gaining full access to the user account that can contain private notes, health data, smart home controls, location data, etc.

    Samsung awarded $13,300 to the researcher for discovering these vulnerabilities. It is not clear if these vulnerabilities were actually exploited by any attackers so far.

    Advertisement
    Naresh Nekkanti - Author Image

    Naresh Nekkanti

    Source 1 Source 2 General bugs

    Trending

    All news
    Get your daily Samsung fix!
    One UI 7.0
    Will you get One UI 8.0?
    Galaxy S25 Ultra
    Galaxy Ring
    Galaxy S25 Edge
    Galaxy Z Fold 6
    Galaxy AI
    S95F QD-OLED TV
    QN990F Neo QLED 8K TV
    Galaxy Watch Ultra
    Galaxy Watch 8
    Best Samsung deals in US!
    Best Samsung deals in UK!
    Best Samsung deals in Europe!
    Best Samsung deals in Canada!

    You might also like

    galaxy s9 feature

    Samsung Messages bug that sends photos to random people being investigated

    7 years ago