Three cross-site request forgery vulnerabilities were discovered which give attackers the ability to carry out their hidden commands while unsuspecting users are logged in to their Samsung account. The three vulnerabilities all have separate functions. The first allows attackers to changer profile details of victims. The second disables two factor authentication along with the third that has the ability to change the accounts security question and could eventually lead to a total takeover of the account. If the attackers are able to complete the task of taking over the account, they could track the user, control smart devices, access health data, and access private notes.