Tuesday, November 10, 2015

Samsung allows easy bypass of Android Factory Reset Protection


Just a few days after Google hinted that Samsung would do better to stop meddling with Android, as it was introducing several basic security flaws that made it vulnerable, here's another jab: Samsung's modifications make it very easy for anyone to bypass Android's anti-theft reset protection system.

To discourage smartphone theft, Google added Factory Reset Protection to Android, which prevents a thief from simply resetting a stolen device and using it. The system is designed so that you still need the original owner's permission to really wipe the device... but it can easily be bypassed on Samsung's devices.

The trick is that Samsung decided to make things easier for users. When you connect a USB storage device to one of their Android smartphones, it automatically launches a file manager app. The issue is that this happens even during the initial setup process, which allows an attacker to simply download and execute an app that performs a special reset that bypasses the protection system; meaning... there's no protection at all.

Surely Samsung didn't intend to make things easier for thieves. But this is just one more case showing that you can't/shouldn't mess with things without thinking about the consequences, particularly when dealing with systems this complex, where it's hard to keep track of just how far the implications of each tiny modification may reach.
