Factory Reset Protection Bypass Found for Nexus Devices With May Security Update: Report

Factory Reset Protection Bypass Found for Nexus Devices With May Security Update: Report
Highlights
  • The bypass method is complex, involving over a dozen steps.
  • With the method, thieves can completely reset a stolen device.
  • The bypass was supposedly reported to Google, and allegedly dismissed.

An Android security researcher has found a way to bypass the factory reset protection (FRP) in the latest Android 6.0.1 Marshmallow build complete with the latest May Android Security Update.

While it's a complicated process, the method detailed by RootJunky apparently manages to bypass the factory reset protection system on the Huawei-made Nexus 6P. The researcher has detailed the bypass, meant specifically for Nexus devices, in a YouTube video seen later in the article.

RootJunky explains that when Nexus users (or thieves) have reset their smartphones, they can skip the FRP check by disconnecting the Wi-Fi they're currently connected to. Once they have done so, they can then create a Google account by using a special apk file and the preloaded Chrome browser. After they have signed into the new account, and the phone syncs to the account, they can then reset the smartphone again - but this time, they know the password to the account the smartphone is associated with, and will have full access to the smartphone.

To recall, Google first introduced Factory Reset Protection, also known as Device Protection, with Android 5.1 Lollipop. The system is meant to ensure that if an Android device has been stolen, the thief cannot gain full access to the device even after factory resetting it. 

The researcher says he submitted this bypass, which he says works on Nexus devices with older security patches as well, to Google along with other privilege escalation methods as security risks. Google however did not acknowledge the bypass to be a real security risk. Of course, while the method is complex, it is not so complex that determined smartphone thieves cannot use it to reset a large number of stolen devices.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Abhinav Lal is News Editor at Gadgets 360 and has been tracking all things tech for over a decade now. He has written extensively on a range of topics including apps, gaming, mobiles, PCs, and Web services in his tech journalism career. Apart from editing news, he also works on reviews and features, while taking care of the product side of things at Gadgets 360. Write to him at abhinavl@ndtv.com or get in touch on Twitter. You will most likely find Abhinav editing stuff for Gadgets 360, ...More
The Weekend Chill: Captain America Civil War, Battleborn, and More
Apple CEO Tim Cook to Visit China for Government Meetings: Report

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com