A Flaw In Samsung Phones Allows Users To Bypass Factory Reset Protection
On one side Google is trying to improve security in Android and offers various protection for user data, but on the other side manufacturers like Samsung are messing with the OS, causing all this protection for naught. Recently, a new flaw was discovered in Samsung phones that allows users to bypass the in-built factory reset protection in Android phones.
If your Android smartphone is tied to a Google Account, then the factory reset protection prevents thieves from being able to use your phone after just wiping it clean. Normally, a protected phone will demand you log in to its associated Google account following a factory reset to confirm it is you who is doing the reset. However, a new attack reveals how Samsung devices are vulnerable to an easy work-around.
This attack discovered by RootJunky, who released a video demonstrating how in just 10 minutes he was able to navigate around Factory Reset Protection in a Galaxy Note 5.
On Samsung phones, there appears to be software in place that allows users to access a connected USB On-The-Go (OTG) flash drive prior to completing that step. Basically, if you insert an OTG drive, the OS allows you to open files on it, even when you should be locked into the screen requiring a Google sign-in after the factory reset. To achieve this all you have to do is to put an APK on the OTG drive that does nothing but open up the settings. From there, you can disable the "unknown sources" security feature and install the apk. This will be give you a free reign over the settings.
To finally bypass the reset protection, you just factory reset from the settings rather than from recovery. After that, the phone will be a clean slate. This will be pretty simple for a moderately tech-proficient thief to take your phone and remove your stuff from it.
At this moment, we are not sure how many Samsung devices are affected, but we may soon see an array of update from Samsung in an effort to close this loophole.