Android USB-OTG vulnerability

Interesting story from TechWorm on a Samsung-flavored Android security issue, unclear how this impacts other vendor’s flavors of Android:

Samsung lets you hack it smartphone even with factory reset protection enabled with a USB OTG

In order to protect a Android smartphones from theives, Google introduced a new feature in Android 5.0 Lollipop. The new feature allows your phone to stay protected in the event of a factory data reset that occurs from within recovery. Android 5.0 Lollipop gives this root level protection to Android smartphone owners and it will persistently ask for the primary Google account’s password after a phone has been factory reset in this manner. This protection helps the owner in case a thief or a hacker tries to gain access to the phone. However, a Android user, RootJunky has proved that it is easy to bypass this system level protection with just a USB OTG cable and APK within 10 minutes.  RootJunky recently discovered a flaw on Samsung devices which allows you to bypass the system level protection with just that. […]

Full story:

http://www.techworm.net/2015/11/samsungs-factory-reset-protection-bypassed-with-usb-otg-video.html

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s