Three cross-site request forgery vulnerabilities were discovered which give attackers the ability to carry out their hidden commands while unsuspecting users are logged in to their Samsung account. The three vulnerabilities all have separate functions. The first allows attackers to changer profile details of victims. The second disables two factor authentication along with the third that has the ability to change the accounts security question and could eventually lead to a total takeover of the account. If the attackers are able to complete the task of taking over the account, they could track the user, control smart devices, access health data, and access private notes.
Analyst Notes
Users should always pay attention to the sites they log into and give their information to. Users should make sure that their browser is not remembering their passwords for future use. If they believed their information and account has been compromised, they should contact their cell service and cancel the account or change credentials.
