
If you own a Samsung phone, odds are you’ve heard of Find My Mobile. A service built into most recent Samsung devices, it allows users to track, lock, and even ring their phone in case the device is stolen. You may want to think twice about using the service, though, because there is a pretty serious security flaw plaguing the app.

The exploit allows thieves to remotely lock and change the password to your phone, rendering your phone useless. Apparently, Find My Mobile doesn’t actually validate the lock code information it receives. The only thing a hacker needs to do is flood the device with network traffic to gain access to the target device.

The service is turned on by default once you sign in to your Samsung account for the first time, so it’s likely running on your device if you haven’t touched it since startup. It would be smart to disable it for the time being, at least until Samsung issues a fix. To do so, head to Settings > More > Find My Mobile > Remote Controls.

We imagine it’s only a matter of time before Samsung at least issues a statement about this exploit, though it’s less clear how long it will take for the Korean giant to actually fix the flaw. What’s your take on this news? Let us know!