Security Android Cellphones Privacy

Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification (theregister.co.uk) 42

An anonymous reader quotes a report from The Register: Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them. Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur.

Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system -- unlocking the bootloader and reformatting with a new third-party, customized ROM. Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing.

A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed." She added: "We will be contacting those affected by the issue with further details."
  • Notifications are sent via a Google service; the app just tells Google that it is subscribing, and if you disable the app you would still get the notification.

    • Re:notifications (Score:5, Insightful)

      by Z00L00K ( 682162 ) on Tuesday February 25, 2020 @08:07AM (#59764472) Homepage Journal

      Overall this shows that the preinstalled apps are a cause for concern - especially if they can't be uninstalled.

  • by gl4ss ( 559668 ) on Tuesday February 25, 2020 @08:09AM (#59764476) Homepage Journal

    You can only disable the stock apps on Samsung through their enterprise licensing service (they keep changing the name of that whole scheme), but it gives you elevated access to the OS. If you have that, you can disable built-in Samsung apps and firewall stuff.

    By the way, normally you will see, even if you run a VPN, the phone calling home in the logs, specifically requesting non-VPN access to some apps.

    Also, what the phone does is phone home, and if the IMEI matches on a list of pre-enrolled devices it will automatically install whatever MDM software was specified through that service onto the phone - look, let's just put it in real terms: it has a built-in backdoor accessible to Samsung - much like it would need to have for theft prevention software and such - but the point is that Samsung can use this service to push anything it wants on the phone without notifying the user.

    • by Kokuyo ( 549451 )

      And people wonder why I have more faith in a ROM I downloaded from xda-developers...

    • Good info, thanks! Here's a link to the enterprise licensing service sign-up [samsungknox.com].

    • You can disable stock apps. Many stock apps don't let you disable them directly, but if you connect from a computer using ADB, you can issue commands to disable apps for a specific user (i.e., user 0). If you do that, the app doesn't run and is fully disabled.

      I used that to disable the Bixby app so now that stupid button does nothing. I also killed off most of the other apps that I don't use. I didn't kill the one that sent the notification, though; I'll have to look into that.

      • by gl4ss ( 559668 )

        You think so, but no, you cannot do that on current ones through adb on an unrooted phone; with earlier Androids you could do it for most packages. The Bixby hack functionality change through adb is kind of related, but not really. You can disable SOME built-in apps but not all. To disable Bixby from doing anything you don't even need the adb connection hack; you just need it to change the functionality to some of the possible other functions.

        the point is that there's a bunch of packages that can't get disabled thro

        • by crow ( 16139 )

          At least on my Samsung S8 with Android 9, I can disable anything using the disable-user trick.

          adb shell pm disable-user --user 0 [package_to_disable]

          This is a separate mechanism from the general disable, which does not work on all apps, but the per-user version works on everything.
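
A way to check what the per-user disable discussed in this thread actually left behind, by reading `pm list packages -d` (disabled) and `-e` (enabled) for user 0. This is an added example, not code from any commenter; the package names are constructed placeholders and `list_pkgs`, `pkg_state` and `audit_disabled` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: confirm what `pm disable-user --user 0 <pkg>` left behind.
# USE_SAMPLE=1 (default) reads the constructed listings below; USE_SAMPLE=0
# queries a connected device over adb instead.

# Constructed output of `pm list packages -d` / `-e` (placeholder names).
SAMPLE_DISABLED='package:com.example.vendor.assistant
package:com.example.vendor.finder'
SAMPLE_ENABLED='package:com.example.vendor.finder.plugin
package:com.example.vendor.store'

# list_pkgs FLAG USER: -d lists disabled packages, -e enabled ones.
list_pkgs() {
    if [ "${USE_SAMPLE:-1}" = 1 ]; then
        case "$1" in
            -d) printf '%s\n' "$SAMPLE_DISABLED" ;;
            -e) printf '%s\n' "$SAMPLE_ENABLED" ;;
        esac
    else
        # </dev/null keeps adb from swallowing the caller's stdin;
        # tr strips the CRs some adb versions append.
        adb shell pm list packages "$1" --user "$2" </dev/null | tr -d '\r'
    fi
}

# pkg_state PKG [USER]: prints disabled, enabled or absent.
# grep -Fx matches the whole line, so a package whose name merely starts
# with PKG (finder vs finder.plugin) is not mistaken for it.
pkg_state() {
    if list_pkgs -d "${2:-0}" | grep -Fxq "package:$1"; then echo disabled
    elif list_pkgs -e "${2:-0}" | grep -Fxq "package:$1"; then echo enabled
    else echo absent
    fi
}

# audit_disabled [USER]: reads package names on stdin, prints every one
# that is not disabled for USER, and returns how many it found.
audit_disabled() {
    fail=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        state=$(pkg_state "$pkg" "${1:-0}")
        [ "$state" = disabled ] || { echo "$pkg: $state"; fail=$((fail + 1)); }
    done
    return "$fail"
}
```

Running the audit again after an OTA update or reboot shows whether a package has returned to the enabled list.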

  • But I have no Samsung account. And I too got the notification.

    I really wish Samsung would allow you to remove their apps. Some are decent but most are duplicative and useless.

  • of either keeping their flagship OS with all the bells & whistles that come stock on their phones, or the choice of switching to a clean bare-bones stock Android (including dialer and txt msg app) and with only the Google Play Store to let the user select the apps they choose (I would choose the latter)
    • The preinstalled Samsung crapware is one of the major reasons why I choose to not have a Samsung phone. When I had a Samsung phone, all the background processes spawned by all that crapware slowed my phone by about half.

      My Honor 6x, on the other hand, came pretty bare, with only a minimum of unnecessary apps (Gallery, Themes, Music, Video, Calendar). Its performance two years later is the same as when I first bought it, and at only a third of the cost of my previous, over-priced Samsung. The Honor 6x's

      • by MobyDisk ( 75490 )

        I had a Samsung Galaxy Tab 7" that was so slow out-of-the-box that the on-screen keyboard lagged. Years later I rooted it and found a process that was eating 100% of 1 CPU core. I deleted the file and the problem went away. Almost the same story on my Galaxy S5 - rooted it, and it was like a brand new phone.

  • Now you know why punctuation and compound words were invented.

    • by eepok ( 545733 )

      Use quotes, swap "cops" for "admits", remove "1/1" and it's much more legible.

      From
      "Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification"

      to
      "Samsung Admits To Data Breach After Unsolicited 'Find My Mobile' Push Notification"

  • A small number like "100", or a small number like "10,000,000"?
