Is your phone secure? Watch Android 6 Marshmallow's factory reset protection get bypassed in less than 11 minutes

Is your phone secure? Watch Android 6 Marshmallow's factory reset protection get bypassed in less than 11 minutes
About a year ago, Google introduced a new feature in Android, called Factory Reset Protection. The feature does just what the name implies – if the phone has been factory reset before you released it from your account, it will remain locked until you log in with your own details again. Prior to this feature getting activated, bypassing the security on an Android device and claiming it as your own was easy – just hold power and volume down, enter the Recovery Mode, and go straight for a factory reset. So thieves may not have been able to snoop around your personal photos, but they could've surely made your Nexus 5 their own property.

Sounds great that factory reset protection was introduced, sure. But, of course, the flora and fauna of Android being as diverse as it is, many smartphone owners could easily end up not having the feature. Some OEMs only applied it to their flagship devices, while others would turn it off in favor of their own solution, which required the user to be aware of said options and navigate not-so-intuitive menus to turn the protection on. And, you can be sure that people quickly figured out ways to bypass the security without much trouble.

So, now, when we are up to Android 6.1 Marshmallow, a build that has native fingerprint scanner support and lots of security improvements, you might think that the Factory Reset Protection has been tightened up a bit. Until you watch this 11-minute video on how to easily bypass it, that is. The process takes a little bit of timing in the beginning, and some intricate navigation through Android's menus afterwards, but it's still doable with no external cables or software needed. It's kind of mindblowing that someone sat down and figured all the steps out, actually, but there you go – it's possible.


source: Rootjunky

FEATURED VIDEO

27 Comments

1. marorun

Posts: 5029; Member since: Mar 30, 2015

Tried this on following devices : HTC M7 running 6.0.1 , HTC M8 running 6.0.1 HTC M9 running 6.0.1 and moto x play running 6.0.1 and its wont work. So is it working only on nexus 6P? if so then its hit very lil ppl. Another android bash article as usual.

4. GreenMan

Posts: 2698; Member since: Nov 09, 2015

Another bash at PhoneArena; As usual... These are SOLID, COLD & HARD facts, not some bloody fairy tale that PhoneArena Team made-up just to anger the likes of you, aka Fandroids... ITS TRUE, DEAL WITH IT... P.S I'm Nexus 5 (Marshmallow) and Lumia 430 (WindowsPhone8.1) User...

7. verbalize

Posts: 150; Member since: May 03, 2013

Wow! I know Android software was weak in the protection area. But Really? That should scare us all.

23. xfire99

Posts: 1207; Member since: Mar 14, 2012

Scare for what? This method bypassing FRP doesnt give the hacker access to u data stored on the phone. 1. Must do a factory reset and wipes everything on phone = data not stolen. 2. It just gives access to using the phone. But when u lose u phone and does it matter what the thief doing with it?

8. matistight

Posts: 1023; Member since: May 13, 2009

It can be easily done on most Samsung devices out there, which damn near everyone has. If it's on marshmallow, you can downgrade the software easily for it to work using Odin. Whole process takes me 10-15 minutes and I can make your "protected phone" mine. By putting this on blast though, Google might work on fixing this issue.

16. Ezio2710

Posts: 548; Member since: Aug 22, 2015

I think they should add Nexus 6P to the tittle

22. Proxy.from.Deep

Posts: 26; Member since: Jan 09, 2015

all this "bash" iz about the platforms . i mean which cpu runs inside your phone. each and every of them ( cpu models and manufacturers ) have some advantages and dis-advantages . if some hack work on one device - it doesnt mean that it will work on another . it`s all about the details (c)

3. GreenMan

Posts: 2698; Member since: Nov 09, 2015

Here was my reply in "Los Angeles Police successfully hacked into iPhone 5s......" And you don't even have to unlock an Android... Just plug it into your laptop, do some technical Mumbo Jumbo and bingo! Hence we never hear about them... Although Blackberry, Black Phone and Zeeneth are definitely an exception... @ibend @perfectnine @iApologistsAreRetards @yoosufmuneer I was told: "Is there a possibility that you are the dumbest person walking the face of the earth?" Who is laughing now, eh? Me! Who is crying like a baby now? You all! I'm an ANDROID USER, but I accept the fact that Android has ZERO security... DEAL WITH IT...

5. Zack_2014

Posts: 677; Member since: Mar 25, 2014

How about Samsung's KNOX :)

10. Wiencon

Posts: 2278; Member since: Aug 06, 2014

Your posts are even more idiotic and annoying than Techie's

13. GreenMan

Posts: 2698; Member since: Nov 09, 2015

@Wiencon Instead of personal insults; why not prove me wrong instead??? Come-on little one; I dare ya... I DOUBLE dare ya...! Don't be such a Fandroid, lad... Accept the truth and set yourself free...

25. ibend

Posts: 6747; Member since: Sep 30, 2014

hello there... miss me already? lol but seriously man, did you use android? since it looks, you didnt know a thing about android :-/ I'll make it short first.. it wont work on all android phone.. (especially with samsung's KNOX, and other brand's locked bootloader) 2. even if it works, all it does is factory reset.. everything inside storage gone forever, and so is your personal stuff.. 3. and any data recovery tools wont work on that storage, since that storage is encrypted before factory reset,, (and microSD is also encrypted if its adopted)

26. yoosufmuneer

Posts: 1518; Member since: Feb 14, 2015

"Just plug it into your laptop, do some technical Mumbo Jumbo and bingo!" Wrong lol. When password protected, you can't access the phone via the laptop. Ok, this is my real situation. My S4 got locked (Forgot Password). Give me an option to bypass lockscreen WITHOUT losing my data. Seriously My phone has been waiting in that condition for days and I don't want to lost my precious data.

27. james2841

Posts: 167; Member since: Dec 10, 2014

You can only really do that with a device with USB debugging on (DEFAULT IS OFF). Plus it shows you a warning when enabling it (DEFAULT IS OFF FOR DEBUGGING UNLESS IT IS CYANOGENMOD WHICH HAS DEBUGGING ON).

29. james2841

Posts: 167; Member since: Dec 10, 2014

With USB DEBUGGING on you can use commands like "ADB SHELL PM --GRANT PERMISSIONS (package name)"... etc without usb debugging and charge only is set (set as default for usb connections in android 6+) (computer requests id for device plugged in) (computer sees no request and thinks its a rechargeable battery pack)

30. james2841

Posts: 167; Member since: Dec 10, 2014

that 'technical Mumbo Jumbo' can only be done with usb debugging on (not including samsung or lg devices that use a strange recovery partition)

6. legiloca

Posts: 1676; Member since: Nov 11, 2014

Android 6.1? you mean 6.0.1?

9. XDAdam

Posts: 276; Member since: Feb 03, 2016

Well I guess Google wont be getting ordered by the FBI anytime soon to unlock an Android phone...

12. AlikR

Posts: 45; Member since: Sep 05, 2013

Not exactly sure why everyone is scared here... your ORIGINAL data are still protected. The only thing he did was to wipe out one account and replace it with another. Granted that your phone is no longer yours but I am not seeing much issue to get all paranoid.

14. isprobi

Posts: 797; Member since: May 30, 2011

Before I sold my Nexus 6 to a friend I updated it to Android 6. But after the update it insisted I had to enter the security password to unlock the phone but no keyboard would pop up so I could type it. I noticed that between each try I saw the Home Screen flash on for a fraction of a second. So the next time it did that I kept hitting the home button and it let me in. I went to settings turned off security and I was in. I have no hacking experience. Security on Android is a joke.

28. james2841

Posts: 167; Member since: Dec 10, 2014

did he have a custom lockscreen?

15. TA700

Posts: 83; Member since: Mar 29, 2013

So long thieves cannot access my info, I'm fine with it. In fact, I'll disable such a feature because of past bad experiences of getting myself locked out of my device cos I forgot the password.

17. darkkjedii

Posts: 31596; Member since: Feb 05, 2011

This video is fake, only iOS can be bypassed or hacked. Android is impenetrable.

19. isprobi

Posts: 797; Member since: May 30, 2011

Glad I kept my BB Passport as Android keeps getting worse with each release IMO.

20. Freeza

Posts: 95; Member since: Apr 03, 2016

Well, that will happen only if the device is lost or stolen. Data is secured. Nothing to worry about, for me.

21. isprobi

Posts: 797; Member since: May 30, 2011

I guess you did not watch 60 minutes a couple of weeks ago. After only being given a phone number hackers obtained all kinds of data and could control the phone. This was an iPhone but the hack works on any phone since it goes through a flaw in cellular network.https://www.youtube.com/watch?v=zGUR6kao9ys

24. RAV4CAD

Posts: 96; Member since: May 03, 2016

Google will patch this in the next marsmallow update.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.