A security hole in the Samsung Galaxy S4 and the Galaxy Tab 3 that allowed access to sensitive user data such as names, addresses, passwords from the Samsung accounts, has been fixed in a software update.
Mediatek Digital was the first to discover this issue when it ran security tests on these Samsung devices. It later informed Heise Security, a German news outlet that deals with security issues and they were able to replicate the issue and confirm the glitch. Obviously with so much data at risk, Samsung users were in grave danger of facing financial damage or identity theft.
Heise reported the matter to Samsung. And within five days of receiving the complaint, the Korean phone maker issued a public statement to notify that the issue has been fixed. At the moment, we have to take the company's word for the fix, as there hasn't been any independent confirmation of the same.
The Galaxy S4 security hole patched, says Samsung
The glitch reportedly not only gives access to personal data but also allows attackers to record and track the user's movements and reported back all of the locations they've recently visited. Moreover, it also allowed potential hackers to lock a user out of their device and redirect calls.
The security vulnerability also made it possible to sniff out data while being in the same WiFi network of the device. So anyone recording the data flow of Samsung's registration servers or nearby WiFi networks can get their hands on details of the user's accounts. Since a Samsung account is also tied into the Find My Mobile service, attackers could potentially wipe the device without any user involvement.