Factory Reset Protection can be easily bypassed on Android N and unpatched stock Marshmallow

Factory Reset Protection (FRP), a protection measure that’s supposed to prevent thieves from using stolen Android devices, is easy to bypass on some Nexus devices running on unpatched versions of stock Marshmallow or even Android N preview.

For those who aren’t familiar with FRP, here’s how it works: if a device that has a Google account associated with it is reset to factory settings, FRP will ask for the credentials of that Google account before the system loads up.

In theory, if someone steals your device, the thief won’t be able to just reset it and go on their merry way using it, because they don’t know your Google account password.

In practice, at least until the March security update, it was simple to bypass FRP. The process, discovered by RootJunky, involves just a few simple steps that anyone can follow, even without any knowledge of Android. It’s a basic exploit of security holes in Google’s keyboard, dialer, and messaging apps and the OS itself. RootJunky demonstrated the bypass in a video on a Nexus 6P.

Now, it appeared that Google had patched the problem (http://www.appmarsh.com/android-monthly-security-update-features-667787/) in the January security update. It didn’t – earlier this week, I used this exploit to get into a Nexus 6P (running on the February patch) that had accidentally remained locked to one of my colleagues’ Google accounts.

Instead of asking for their personal Google credentials, I decided to give this video a shot, and, sure enough, it worked – I managed to get into the device, turn on developer options, make the bootloader unlockable, and reset the device. I removed my colleague’s account and entered mine, like FRP didn’t even exist.

I wasn’t able to test whether the hole was patched in the March update, but the security bulletin (http://source.android.com/security/bulletin/2018-03-01.html) mentions an “Elevation of Privilege Vulnerability in Setup Wizard” issue explained as follows:

A vulnerability in the Setup Wizard could allow an attacker who had physical access to the device to gain access to device settings and perform a manual device reset. This issue is rated as Moderate severity because it could be used to improperly work around the factory reset protection.

That sounds a lot like this problem. However, three issues with the same description were marked as fixed in the February (https://source.android.com/security/bulletin/2018-02-01.html) and January (https://source.android.com/security/bulletin/2018-01-01.html) updates, and I was still able to bypass FRP.

A similar exploit exists for Android N preview (http://www.appmarsh.com/android-7-0-features-673002/) – RootJunky published a video showing the steps required to bypass FRP on a Nexus 6P with Android N. The process involves a few more steps, but it’s so simple that even a seven-year-old could follow.

This is clearly a serious issue with Factory Reset Protection. If phone thieves with no technical skills can bypass FRP, it negates the entire purpose of the feature, theft deterrence.

The good news is that, thanks to monthly security patches, issues like this can be fixed relatively quickly. The bad news is, it didn’t take RootJunky much to find a different path around FRP, and that makes me wonder how secure the entire system is. And security patches only protect people who actively install them in the first place. Outside our Android bubble, people tend to ignore update notifications for weeks, and that’s assuming they even get them on their devices.

Author: Marshmallow
