back to article Samsung cops to data leak after unsolicited '1/1' Find my Mobile push notification

Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to …

  1. Steve Graham

    No wipe

    It's not necessary to wipe the phone and its system software to remove "system" apps which are pre-installed if you can gain root access. Simply moving the app from the system folder to the general one converts it to a normal app which can be uninstalled.

    1. Charlie Clark Silver badge

      Re: No wipe

      I think the key remark there is if you can root the phone. That's become increasingly difficult with phones, partly down to Samsung's efforts to sell its phones to corporate customers.

    2. JimboSmith Silver badge

      Re: No wipe

      I deleted the app from my Xcover 4 after this little incident. Not sure if it's a system app as it no longer exists on my phone to check. I don't have a Samsung account either for that matter. Maybe you have to buy a top of the range phone for that app to be undeletable.

  2. Robert Helpmann??
    Childcatcher

    Lost in Translation

    ...it remains to be seen whether Samsung's definition of "small number" is the same as that of the rest of the world.

    Perhaps the original phrase was in terms of percent rather than overall numbers. 10% of their customer base is a significant but not large relative amount, but quite large in absolute terms considering the number of folks buying from them.

    1. Khaptain Silver badge

      Re: Lost in Translation

      According to Statista Samsung shipped around 250 000 000 phones in 2019 alone... So even 1% relates to a lot of people

      Definitely not something to be sneezed at ( No need for COVID-19 puns)

      1. big_D Silver badge
        Paris Hilton

        Re: Lost in Translation

        The question still remains, how many millions of emails did The Register receive last week. ;-)

    2. eldakka Silver badge

      Re: Lost in Translation

      Perhaps the original phrase was in terms of percent rather than overall numbers.
      If that was the case, I would have expected different phrasing, like "a small proportion" or "a small percentage". To me, at least, a "small number" is referring to absolute quantity terms, not relative proportions.

      1. rskurat

        Re: Lost in Translation

        yes, but this is corporate communications we're talking about. Lying is their job.

  3. fnusnu

    More weirdness

    Did anyone else see a weird app get updated just after the 1/1 message incident? I think I am going mad as I can't see it listed. It was a Galaxy store update for something like 'image annotate' with an icon similar to the gallery icon flower thing.

    1. overunder Silver badge

      Re: More weirdness

      I did and I ignored it. Both came in very close to each other so I assumed I was hacked.... until I got on the net.

      I'm guessing, but I believe this 1/1 was to test if the phone could be found by a government entity. My software was disabled as well, so somebody has keys and is playing with locks. Also, the notification for me was more like...

      1

      1

      ... and not 1/1 (there was no forward slash).

      1. Boris the Cockroach Silver badge

        Re: More weirdness

        Thats what I saw too

        1

        1

        Then it went out

        From the 'find my phone" app.. the one thats turned off(though not uninstalled) on my phone and no samsung account on it either..

        However on a quick straw poll of samsung mobile owners yesterday , all of them saw the notification.....

        1. jonsjava

          Re: More weirdness

          My son, my wife, and myself all saw this. Just on our phones.

          Being paranoid and not checking the web, I decided to check for authenticated devices. I had one that Google said authenticated the same time the incident occurred. It just said "Android Device". Had my wife check, and she had one from the same time. This time, from what was purported to be an LG device. We've never had an LG device.

          Check active devices on your accounts.

          http://google.com/devices

          1. Tomato Krill

            Re: More weirdness

            On my acc at least, 'Android Device' means Firefox on my Galaxy phone...

          2. This post has been deleted by a moderator

      2. This post has been deleted by a moderator

    2. ThatOne Silver badge

      Re: More weirdness

      > It was a Galaxy store update

      Got that update, but no notification of any kind. Then again my phone is mostly powered off since I'm mostly sitting next to an old-fashioned land line people can use to call me.

  4. JohnFen

    "small number"

    Any time a company is reporting a breach that affects a nebulous "small number" of users, rather than giving even a rough idea of how many people were affected, I don't believe the number was small. If it actually was small, they'd cite the number itself.

    1. Anonymous Coward
      Anonymous Coward

      Re: "small number"

      "We have no evidence that the breach has led to customers losing money"

    2. Charlie Clark Silver badge

      Re: "small number"

      Well, fortunately, within the EU and California at least, this kind of thing is much easier to take up in the courts with refusing to disclose the extent of any breach now part of the offence.

  5. John Brown (no body) Silver badge

    a small number of users

    Dear Samsung,

    Please provide an actual number, accurate to the nearest integer,

    Since it's a "small" number this should not be a particularly onerous task.

    Thanks.

    1. 96percentchimp

      Re: a small number of users

      I really hope it's an integer. 0.5 users would be messy.

      1. Frumious Bandersnatch

        Re: a small number of users

        You are Eric the Half a Bee and ICMFP

        1. gerdesj Silver badge

          Re: a small number of users

          Inflation has taken its toll. Here's your £5 in today's money: 2/6.

  6. IGotOut Silver badge
    WTF?

    Missing another bigger issue.

    If this app is disabled, but possibly not.

    Is this to say ALL Android disabled apps have the potential to work? For example, all of Google's shit I have disabled.

    1. ThatOne Silver badge
      Holmes

      Re: Missing another bigger issue.

      > If this app is disabled

      Well, devil's advocate here, but one of the points of the "find my phone" service is to potentially track stolen phones, in which case it would be stupid if the thief could simply disable the service.

      I wouldn't be surprised if all those "find my phone" services (Samsung's, Google's) can't really be disabled, or at least can be remotely enabled again. Privacy considerations put aside, it would make sense.

      1. Anonymous Coward
        Anonymous Coward

        @ThatOne - Re: Missing another bigger issue.

        Good point! however, the proper way to do this is to prevent you from disabling the app but offering you the choice of activating it or not when you purchase the phone. Allow the user to opt-in to this service.

  7. MotionCompensation

    Disabled app receiving notifications

    Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications.

    Apps don't receive or display push notifications, the OS does, a.f.a.i.k. The OS knows which app should be started should you decide to tap on the notification and pulls the icon from that app. Seems that "disabling" the app does not unsubscribe from notifications.

  8. Cave-Homme

    Time to revert to a simple dumb phone.

    1. Anonymous Coward
      Anonymous Coward

      @Cave-Homme - You don't deserve the down-votes

      They must come from digital marketing hipsters.

      It is a fair trade, you give up some fancy functionality and in exchange you get privacy and peace of mind. I configured my Samsung Galaxy S10 to be as close as possible from a dumb phone. Yes there is some inconvenience but to me personally it's well worth it.

    2. iRadiate

      Go on then. I dare you to revert to a dumb phone. :)

  9. BoraHorzaGobuchul
    Black Helicopters

    Covid 19 quarantine tracker...?

    It was only meant for the Korean market.

    Find my virus carrier. Make sure they're not out and about spreading it??

    1. Anonymous Coward
      Anonymous Coward

      Re: Covid 19 quarantine tracker...?

      Good point. I was assuming sticky fingers from a trainee hitting "send to all" instead of the test phone they had for development... but now I heard that story it makes much more sense the trainee hit "send to all" global instead of country wide.

      Great that they can use the feature for good... but as I'm human I may also not take my phone with me all the time anymore as anyone with a grudge and in power can now crack down on anyone they want.

  10. Anonymous Coward
    Anonymous Coward

    When I worked for a bank, their official response/notification to the public about any outage was always "a small number of customers may be affected", This was even the case when an entire datacentre went black and NO ONE could connect to the website or use internet banking at all.

    fwiw I got this "1" find my mobile message too, and I suspected someone had somehow hacked my phone, so immediately put in into airplane mode.

    1. Anonymous Coward
      Anonymous Coward

      I must be too cynical

      I immediately assumed it was a bugged update/push notification... but that's because I'm transitioning from buggy Windows 10 and over to Linux. (At least the errors in my Linux install are my own fault. And no I'm not turning it into an OS wars... just noting all software has bugs)

    2. 's water music

      When I worked for a bank, their official response/notification to the public about any outage was always "a small number of customers may be affected", This was even the case when an entire datacentre went black and NO ONE could connect to the website or use internet banking at all.

      Well, if you start from an assumption that only a small number of people are using internet banking at any given time then there is some basis for the claim. If you looked at access logs for the period to try and put a number on it they aren't going to contradict you by definition.

      Hey, corp comms isn't so hard after all

  11. Kevin McMurtrie Silver badge
    Mushroom

    Samsung's "off" means activated

    The Samsung shovelware does not grant access to settings until you log in. Turning the constant advertisements off requires creating a Samsung Cloud account, agreeing to many bad things, and then logging apps in. These apps will now stop asking to be turned on but they remain logged in and active. They remain active even after Samsung says that your account has been closed.

    Really disabling Samsung's shovelware requires Package Disabler Pro or some ADB work. Even so, there are numerous background tasks with vague names that are still active.

  12. This post has been deleted by a moderator

  13. This post has been deleted by its author

    1. Jess--

      Re: Push

      I read it as Samsung will contact the customers whose details were leaked to other users trying to log into their systems (claimed around 150 users) rather than everyone who received the alert

  14. Weirdism

    Not just phones.

    I have two Galaxy phones - a Note8 for work and an S9 for not being bugged by work people on my days off.

    I also have a dusty old A6 tablet I'm running into the ground and that also received the notification, but a few days later on 23rd Feb.

    Curious all the commentary has been about phones.

  15. Anonymous Coward
    Anonymous Coward

    My Expirience with NOTIFICATION 1

    First of, both my Galaxies are clean devices, apps only from playstore and galaxy store, never sideloads. Both of them protected by Norton Antivirus payed version. Wireless Routers have different login names and passwords both protected with antivirus ‘Trend Micro’ and active firewall on IPV4 and IPV6 level.

    My homecomputer has Norton 360 (payed version) firewall activated on IPV4 and IPV6.

    I experienced a sluggish network since Notification 1; computers running extremely slow, streaming services stuttering, pin machines refusing service, tv decoders flipping, router using it’s processors up to 100%, alternating between the two cores. Router freezes ups, etc. I contacted my isp but the network was fine at the doorstep.

    I started experimenting with both my galaxies (Flagships).

    I have set the wireless-router/ap at factory settings with new admin and wifi logins, ensuring a safe network. I ran this network without any issues for up 48 hours, no galaxies hooked onto it. Then I hooked my galaxies to the network and within the hour the problems started to reappear. This I did many times over to ensure my Galaxies were interfering/messing with my network, and they WERE.

    So, I reinitialised the network wireless router once again fully proteced with firewall and ‘Trend antivirus’. Factory reset the phone only using Google to reinstall backup. Network ran fine with Galaxy on it for 48 hours.

    Then I did a factory reset yet again of my Galaxy, this time reinstalling the backup from my Samsung Account. And within the hour my network was sluggish, inflicted again.

    You can see on your device if it is inflicted. Go to settings – connections – Data Usage – WIFI data usage. When you notice an app (whatever the name) using extreme data (mine up to 12GB on an app called ‘Removed’??) you can be pretty sure that your network is comprimised by your Galaxy.

    I’ve seen this in both my wife’s and my phone. Also close friends of mine show the exact same insane data usage.

    The procedure to follow to clean up your network is following:

    - Log out from samsung account and delete it (needed to avoid third party access yet again and destroy all infected backups)

    - Restore your phone to factory settings

    - Restore your router/ap to factory settings, using new login names/passwords for both admin and wifi, update firmware and set antivirus and firewall active both on IPV4 and IPV6

    - Hook up your Galaxy to the fresh network and restore your phone using only your google account

    - Make a new Samsung Account with new email address and password to get your Samsung App’s

    Your network and phone are now free from infection (I dare not call it a hack but I am pretty sure it is)!

    Also Mobile Network data is used as long as your device is infected, so make sure you do not run into high bills. Check it and put your phones to Factory Reset! An app called ‘Glaswire’ can help you monitor your networks both Cellular and WIFI.

    There is still one maybe in this procedure and that one arises when you hooked up your Samsung Account with your Google Account. Mine were seperate, so I was unable to check this.

    Again, this is my personal experience, if you have the same issues, this is the source to suspect and you can accordingly set things right again!

    Take care

    Patrick

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021