According to a report on ZDNet, Samsung fixed a vulnerability in its account management system that could have allowed hackers to take control of any Samsung account by tricking users into clicking on a malicious link. The vulnerability was discovered by a Ukrainian bug bounty hunter, Artem Moskowsky, who reported it to Samsung this month.
The exploit is classified as a Cross-Site Request Forgery (CSRF) vulnerability – a term used to denote vulnerabilities that allow hackers to hoodwink a browser into running hidden commands on other sites that the users are logged into while they’re on the hacker’s site.
Three CSRF vulnerabilities discovered
Moskowsky discovered three CSRF vulnerabilities in Samsung’s account management system – all of which involve a user clicking on a malicious link. The first vulnerability allowed attackers to modify account profile details; the second one permitted them to disable two-factor authentication (if enabled), while the third and the most severe vulnerability let hackers change the user’s account security question and answer.
The third vulnerability was catastrophic since Samsung allowed resetting account passwords by answering security questions. This meant an attacker could initiate a password recovery on the account login page and reset the password using the new security question, thereby gaining full access to the user account that can contain private notes, health data, smart home controls, location data, etc.
Samsung awarded $13,300 to the researcher for discovering these vulnerabilities. It is not clear if these vulnerabilities were actually exploited by any attackers so far.