Some Android smartphones already come with pipeline protection from reset, making it impossible to “reset” stolen device and continue to use it as his own. Developer under the name Rootjunky showed that on smartphones Samsung this security restriction can be circumvented in just a few minutes.
Feature makes the phone inoperable if someone tries to reset data using recovery mode. The user will have to enter the owner password to use the device.
As it turned out, Samsung smartphones, including Galaxy Note 7 and the Galaxy S7 is the vulnerability, which makes the protection useless. To reset you need to perform the following sequence of actions:
“The user restarts the smartphone, connect it to wifi, and then to the computer. In the next step, it downloads the program from the website, which allows it to send fake phone calls. After the call, he presses the button “Create contact” then “Scan business card”. Opens a menu to download the app to scan the cards from the Galaxy Apps store. It is authorized under the Samsung account and uploads the file Manager, which allows it to open an app is essentially a shortcut for the login page in to your Google account. After that, he presses the button with three dots and open the web page. Then he is authorized under a new Google account, restart the device and adjusts the smartphone from scratch.
After the user logs in to the smartphone using your Google account, reset the data on the device is easy. Instead of doing it out of recovery mode, simply open the file Manager. In the end, the Communicator can be used as if you own it.
Samsung has not commented on the discovered security gap. Will the company release an update to resolve this problem, it is not reported.
