(Image: Heise Security)

Samsung's Android devices Galaxy S4 and Galaxy Tab 3 transmitted sensitive data from the registration of a Samsung account, including name, E-Mail address, and even the password when mediaTest Digital, a company that specializes in testing the security of apps and mobile phones, detected and tested the devices for vulnerability.  

The Germany based company notified Heise Security, a German tech news agency, that was able to replicate the problem, who in turn warned Samsung in Korea. Apparently, Samsung took the matter seriously, responded only 5 days later, and announced through their press agency that the security hole has been removed. More details have not been given and so it is not clear whether other Samsung Android devices were or are still affected.

It was possible to sniff out the data while being in the same WiFi network of the device. If intelligence agencies, such as the NSA, would be recording the data flow of Samsung's registration servers or WiFi networks of users, they would have detailed access to a vast number of accounts. A Samsung account is used not only for backups of the device but also, and most importantly, to provide services of Samsung's Find My Mobile, where users can locate, lock, and ring their mobile. This means that if someone hacks your Samsung account's data, he can locate you precisely, record your movements of the past 12 hours, check your calling lists, put call redirects in place, and even lock you out of your device! 

How To Protect Yourself:

If you have set up your Samsung Account already, change your password now using the Samsung Account website, and not your mobile device. If you are new to setting up a Samsung Account, register the account on the website as well for now in case Samsung needs to update more devices with the security fix. 

Source: Personal contact with Sebastian Wolters, founder of mediaTest Digital. Heise