Vulnerability That Allowed Hackers to Hijack Accounts Fixed – Video


A security researcher has found a way to hijack accounts. Fortunately, Samsung has addressed the vulnerability identified by the expert to prevent account takeovers.

The expert who discovered the issue is Matthew Bryant. He found that an attacker could register an account on by using an existing account name and adding extra spaces at the end.

This is registered as a separate account, but if the user who owns this account goes to another subdomain, such as, the spaces at the end of the username are removed.

This means that the attacker can hijack the account of the user who had registered the name without the spaces. Well, this is how an attack worked before Samsung fixed the vulnerability.

For example, if a hacker registered an account with “<SPACE><SPACE>”, he could gain access to the “” account when visiting

Bryant has published a proof-of-concept video to demonstrate his findings.
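The mismatch described above can be modelled in a few lines. This is an added example, not Samsung's code or Bryant's proof of concept: the class, the function names and the "alice" usernames are constructed, and it assumes the second service does nothing more than strip trailing whitespace. It shows the registration check with and without canonicalization, plus an audit that finds stored names that already collide.

```python
"""Constructed model of a trailing-space username collision and its fix."""

def canonical(username: str) -> str:
    # Assumption: the consuming service only strips trailing whitespace.
    return username.rstrip()

class AccountStore:
    """Registration service; `normalize` switches on the hardened check."""

    def __init__(self, normalize: bool):
        self.normalize = normalize
        self.accounts = {}  # stored username -> owner id

    def register(self, username: str, owner: str) -> str:
        # Hardened form: uniqueness is enforced on the canonical name,
        # so "alice" and "alice  " compete for the same key.
        key = canonical(username) if self.normalize else username
        if not key:
            raise ValueError("empty username")
        if key in self.accounts:
            raise ValueError("username already taken")
        self.accounts[key] = owner
        return key

def subdomain_identity(session_username: str) -> str:
    """Second service: trims the session's username before account lookup."""
    return canonical(session_username)

def colliding_names(store: AccountStore) -> dict:
    """Audit: stored usernames that collapse to the same canonical form."""
    groups = {}
    for name in store.accounts:
        groups.setdefault(canonical(name), []).append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    weak = AccountStore(normalize=False)
    weak.register("alice", "owner-1")
    weak.register("alice  ", "owner-2")  # accepted as a separate account
    print("second service resolves to:", repr(subdomain_identity("alice  ")))
    print("collisions in weak store:", colliding_names(weak))

    strict = AccountStore(normalize=True)
    strict.register("alice", "owner-1")
    try:
        strict.register("alice  ", "owner-2")
    except ValueError as exc:
        print("hardened store rejects it:", exc)
```

Running the audit over an existing user table before switching on canonicalization shows which accounts need manual resolution.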

