According to experts, 113 devices are lost or stolen every minute in the Unites States. Because of the large number of incidents, many phone owners deploy some sort of anti-theft/anti-loss solutions to protect their data or to track down their smartphones in case they get lost.
In the case of Samsung smartphones, the service is called Samsung Dive. The system allows the phone’s owner to pinpoint the whereabouts of the device via GPS and other location acquisition techniques.
In case of Phone theft the Thief can simply broadcast a fake location on Samsung tracking server and mislead Original Phone User/Owner to believe that the phone is genuinely at fake location. The locations can be faked continuously to random places anywhere in the world.
All this happens because Samsung’s Location API’s are completely vulnerable to be manipulated by installing commonly available simple GPS location spoofer on the device.
Another noteworthy thing is that Samsung’s tracking application shows notifications when the device is being remotely monitored.
This simply alerts the hacker or thief. This defeats the very fundamental principal and purpose of a tracking application, which should always work on the principal of hidden remote tracking in case of theft.
Though other applications like AVG and famous tracking application like Lookout also provide similar Services were are also vulnerable to location spoofing but Samsung's own tracking service becomes far more critical and important as Samsung is the device Manufacturer and tracking module comes inbuilt in the phone and most widely used. Since such tracking applications also provide remote data wipe service also, Phone owners always prefers device manufacturers solution instead of a Third party tracking application
Apart from this Location spoofing Vulnerability, To make thing worse, Samsung tracking application also shows notification that device is being tracked remotely. This simply alerts the hacker or thief. This defeats the very fundamental principal and purpose of a tracking application, which should always work on the principal of hidden remote tracking in case of theft.
We’ve contacted Samsung to find out if they’re aware of this issue and if they plan on doing anything to address it. We’ll return with more details once they become available.