As of Android 5.0 Lollipop, Google introduced a new feature that allows your phone to stay protected in the event of a factory data reset that occurs from within recovery. It’s a system-level protection that’ll persistently ask for the primary Google account’s password after a phone has been factory reset in this manner, which is supposed to provide the ultimate level of protection from someone who might attempt to gain access to the phone.
But what if we told you it was easy to bypass the protection with just a USB OTG cable, an app and under 10 minutes of patience? RootJunky recently discovered a flaw on Samsung devices which allows you to do just that.
The gist of it is that some phones automatically launch the file manager when a USB OTG storage device is detected. This is true for Samsung phones, even if the phone is locked. The method involves placing an APK on the USB OTG drive. The APK has one simple function: open settings. So you plug it in, the file manager opens, you open settings, and you reset the phone from there.
Resetting a phone from the settings menu in this manner doesn’t trip the factory reset protection switch, so once it reboots the person will have full access to the phone as if it were their own. While much of the data from apps might be wiped clean, this still poses a problem for sensitive files which may exist on portions of the internal storage that aren’t touched when a phone goes through a factory reset, such as photos and video.
It’s a pretty serious flaw which we expect Samsung to address in one of the periodic security patches they’ve committed to delivering. We’re not sure what such a fix would entail, but it might be sensible to disable file manager access altogether while a phone is locked. Deeper protections, such as restricting the ability to launch any app while the phone is locked, would also be welcome.
Unfortunately we’re not yet sure if Samsung is even aware of the flaw, or whether they’ve already implemented plans to fix it if they are. We’ve dropped a line into the company to see if they can comment on the issue and we’ll be sure to report back with anything we hear.
We should also clarify that Samsung might not be the only OEM susceptible to this trickery — the flaw might be present in any device that automatically launches a file manager when a USB OTG device is connected. Be careful, folks, and sit tight as we dig for more.