Smartphones offer users plenty of ways to keep the data they store secure, but what about protecting the phones themselves? Google’s tried to make Android phones less appealing to thieves by implementing factory reset protection, which prevents ne’er-do-wells from using your phone after simply wiping it clean: if you’ve got a Google account tied to the device, the handset will fail to complete setup until the proper credentials are provided. At least, that’s the way it’s supposed to work, but a new attack reveals how Samsung devices are vulnerable to an easy work-around.
Normally, a protected phone will demand you log in to its associated Google account following a factory reset. But on Samsung phones, there appears to be software in place that allows users to access a connected USB On-The-Go flash drive prior to completing that step. Not only can users browse the connected drive, but they can also launch APKs from it – and by choosing the proper app, it’s trivial to enter phone settings and perform a system reset that bypasses the need to authenticate with Google.
We’re not yet sure of the full scope of affected devices (and this attack may well apply to phones from other manufacturers beyond Samsung, if they use software that behaves similarly), but if the situation’s as bad as it seems, Samsung may soon find itself scrambling to update phones across its lineup in an effort to close this loophole. For now, you’d better just keep a close eye on your phone.