Now anyone can bypass the Android Factory Reset Protection on Samsung smartphones

Now anyone can bypass the Android Factory Reset Protection on Samsung smartphones
Among the many new features introduced with Android 5.0 Lollipop, Google also rolled out a new feature meant to prevent smartphone thefts. Called Factory Reset Protection, the security system was supposed to prevent thiefs from re-selling a stolen Android phone.

In theory, the Android Factory Reset Protection makes it nearly impossible for a potential thief to activate a new Google account if a factory reset has been performed. In practice, however, it looks like tricking the system doesn't require too much hard work, at least not if the thief got his hands on one of Samsung's Android smartphones.

An Android developer known as RootJunky came up with a method to bypass the Factory Reset Protection on Samsung devices. RootJunky's method exploits a flaw in the way that Samsung's Android implementation responds when a USB storage device is plugged in: whenever Samsung phones detect that a USB storage device, they automatically launch the File Manager app. 

While Samsung probably thought that users will appreciate that the File Manager app opens right after a USB storage device has been connected, the problem is that this behavior is maintained during the phone's setup process. RootJunky's exploit makes use of this behavior by loading an APK file on an OTG USB drive, plugging the drive into the Samsung smartphone, then opening the APK when the phone automatically launches the File Manager. The app will perform a second factory reset on the phone, at which point the Android Factory Reset Protection system will have been bypassed.

In the demonstration video below, you can see that it only takes a few minutes to bypass the Factory Reset Protection on Samsung smartphones:



What do you guys think? Are you disappointed that Samsung screwed up with this essential anti-theft feature?

source: RootJunky via 9to5Google

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless