Google has made improvements in the latest versions of Android, with the aim that the devices could only be restored by their owners.
This small change can ensure greater security, but Samsung ultimately destroyed all of this structure with a simple and innocent failure.
>
From the Android Lollipop (5.1) whenever done restoring factory of a smartphone with a Google account associated, it is mandatory to be logged in with the same account, so that we continue to use the phone.
With this Google security measure increases exponentially the protection of Android and its users, ensuring that even in case of loss or theft of their phones can not be reused.
But if the majority of smartphones this is an active and actually useful protection in Samsung phones is simple circumvent it simply ignoring all the security that Google placed.
The failure of Samsung
The cause of this security flaw results from a behavior of Samsung smartphones, that whenever realize that an OTG or USB stick is connected, via OTG cable, launch the file explorer.
With this application launched can then run a new application, which forwards the user to the zone settings, where it can be done again a factory restore, this time without any associated account. This new restoration will not ask any account the user, leaving the phone accessible to anyone.
In order to exploit this flaw only need to have a pen with OTG connection, either with a cable these and access physical equipment.
In a few minutes the phone is restored to its factory settings and can then be configured with any Google account.
It should be noted that despite having been discovered in smartphones Samsung, the failure should exist in any of the other devices that have the same file explorer behavior.
This file explorer behavior can be extremely useful in normal use situations, but turns out to be a failure that compromises the security of Android.
No comments:
Post a Comment