Now anyone can bypass the Android Factory Reset Protection on Samsung smartphones

Now anyone can bypass the Android Factory Reset Protection on Samsung smartphones
Among the many new features introduced with Android 5.0 Lollipop, Google also rolled out a new feature meant to prevent smartphone thefts. Called Factory Reset Protection, the security system was supposed to prevent thiefs from re-selling a stolen Android phone.

In theory, the Android Factory Reset Protection makes it nearly impossible for a potential thief to activate a new Google account if a factory reset has been performed. In practice, however, it looks like tricking the system doesn't require too much hard work, at least not if the thief got his hands on one of Samsung's Android smartphones.

An Android developer known as RootJunky came up with a method to bypass the Factory Reset Protection on Samsung devices. RootJunky's method exploits a flaw in the way that Samsung's Android implementation responds when a USB storage device is plugged in: whenever Samsung phones detect that a USB storage device, they automatically launch the File Manager app. 

While Samsung probably thought that users will appreciate that the File Manager app opens right after a USB storage device has been connected, the problem is that this behavior is maintained during the phone's setup process. RootJunky's exploit makes use of this behavior by loading an APK file on an OTG USB drive, plugging the drive into the Samsung smartphone, then opening the APK when the phone automatically launches the File Manager. The app will perform a second factory reset on the phone, at which point the Android Factory Reset Protection system will have been bypassed.

In the demonstration video below, you can see that it only takes a few minutes to bypass the Factory Reset Protection on Samsung smartphones:



What do you guys think? Are you disappointed that Samsung screwed up with this essential anti-theft feature?

source: RootJunky via 9to5Google

FEATURED VIDEO

23 Comments

1. Zylam

Posts: 1816; Member since: Oct 20, 2010

Good to see they are improving their security. Cue the apple is even worse and humanity must be saved from using apple devices. 3D touch is also a gimmick until the S7 has it, in which case it will be "innovate" "better" and "not copied". Google needs to step in and create a base layer before the skins are applied for the security of android, exploits are getting worse.

3. Norris

Posts: 121; Member since: Jun 26, 2015

Do you even use android?You are an apple fanboy so you are never going to get an android device,then why care?All you can do is come into an android article and claim how poor Google's implementation is for everything.For you nothing is perfect except Apple products.

10. Zylam

Posts: 1816; Member since: Oct 20, 2010

I like Android better than iOS by miles, I hate Samsung, they're the worst thing to happen to Samsung. Nexus are some of the best phones each year.

11. Zylam

Posts: 1816; Member since: Oct 20, 2010

*Android. But once htc regains it's foot hold, we'll have good looking Android phones again and not the usual Samsung ripping off the iPhone.

23. Deicide

Posts: 82; Member since: Jul 02, 2011

HTC One A9 *cough cough*. Haven't seen an OEM do that much copying in a long time.

13. Wiencon

Posts: 2278; Member since: Aug 06, 2014

This is biggest butthurt I've seen in a while from teenage fandroid. "OMG! Zylam has his own opinion! He must be iSheep, I know that, I will bash him until he admits his mother owns Apple product that must mean that he is iSheep right?" I'm sure that's what's basically in your head

22. Blazers

Posts: 742; Member since: Dec 05, 2011

Yeah these fanboys make us android users look bad. If you dare to say something negative about Google or android, you are automatically branded an "iSheep" or Apple fanboy. What a bunch of idiots lol

14. promise7

Posts: 894; Member since: Jul 03, 2013

"Do you even use android?You are an apple fanboy so you are never going to get an android device,then why care?All you can do is come into an android article and claim how poor Google's implementation is for everything." Replace Android/Google with Apple and vice versa and you have a "Android fanboy."

9. tedkord

Posts: 17356; Member since: Jun 17, 2009

Actually, it looks like the only one cued was you as usual.

2. CX3NT3_713

Posts: 2350; Member since: Apr 18, 2011

Sweeet!!! Thanks PA

4. tacarat

Posts: 854; Member since: Apr 22, 2013

Hmm. Interesting and disappointing. I wonder if there's anything like that for jailbroken iphones.

5. RoboticEngi

Posts: 1251; Member since: Dec 03, 2014

Hmm too bad a nice feature gets thrown back into their face. But let's be honest, it will get fixed. So I will still sleep at night even though my samsung phone can be opened by everyone at the moment.........

6. D.F.W.M

Posts: 3; Member since: Aug 29, 2012

Lol wow this is nothing new you could do that with every phone...

7. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Haha, same old story, nothing man-made is unbackable by man. Best anti-theft solution is iCaughtU Pro on jailbroken iDevices and GotYa on official Android; take a picture of thief on failed unlock/shutdown attempt and email it to yourself as proof for cops, control SmartPhone's camera/GPS via SMS from a smart/dumb phone, etc.

8. TyrionLannister unregistered

It's a good thing Samsung and Google are doing monthly security patches. These kind of vulnerabilities are good as they help keep securing the system.

17. UglyFrank

Posts: 2194; Member since: Jan 23, 2014

I just got one yesterday :)

12. AlikMalix unregistered

Wow 6 posts. Put Apple in that article and it wil hit 50 within a minute and upwards of 150 by the time this hits the second page of PA

15. uchihakurtz

Posts: 427; Member since: Nov 12, 2012

Wait, wait? Does it mean that you can secure the recovery mode? How do you activate it in Note 4?

16. tacarat

Posts: 854; Member since: Apr 22, 2013

Afraid not.

18. r31gn0fdarkn3ss

Posts: 4; Member since: Nov 09, 2015

although it's easy as hell if you have a rooted device such as myself

19. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

The problem with this hack is you need 4 things. First you need to have a phone, next you need a PC, then you need the APK and then you need to be smart enough to pull it off. In other words, it isn't going to happen.

21. CX3NT3_713

Posts: 2350; Member since: Apr 18, 2011

Anyone can do this... Like myself, they will google it , and Bam!!!

20. jacoby

Posts: 8; Member since: Aug 02, 2015

Do u know all android phone can happen too? Especially root phone

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.