Samsung’s Find My Device feature, found on many of its smartphones and tablets, may have a security flaw that could allow criminals to turn its functionality against you. According to security researcher and self-described “bug hunter” Mohamed A. Baset, who filmed the flaw in action, by flooding a vulnerable Samsung Galaxy phone with data, it’s possible to gain control and remotely ring, lock or even wipe the device.

The Find My Device feature is often activated when a new phone is set up, and is linked to your Samsung account, suggesting it’s already up and working on many phones. While you’d probably be very unlucky to be affected by the security issue, it could turn out to be costly should the worst happen.

A related post on the National Vulnerability Database website discusses the flaw. It calls the complexity “low,” which means the attack is not that hard to perform, and that the affected software is either enabled by default or in wide use. According to the entry, Samsung’s software doesn’t look at the source of any lock code data it receives, and it’s this problem that hackers could use to break into the Find My Device program.

While a fix will almost certainly come from Samsung in the future, in the meantime, some may want to disable the Find My Device feature on their Samsung hardware. If you’re not sure whether it’s even running on your phone, here’s how to check. Find the Settings button, and select Security under the More tab. Find My Mobile should be listed, and under it you’ll see the Remote Controls option. By opening this and agreeing to the conditions, you’ll find a toggle for turning the feature on and off. This guide is applicable to most Galaxy phones running Android, but for more information on your personal device, you can check Samsung’s website.