topic Re: Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code exec.. in Galaxy Note Series

Samsung Note20 Ultra com.google.android.gms remote arbitrary code execution security breach

Dia5 — Wed, 04 Oct 2023 22:57:46 GMT

Samsung S10+ and Note 20 Ultra OneUI 5.1 have a serious security flaw, I have only official applications installed and in both devices my accounts were breached by a remote execution of com.google.android.gms (Google play services), on Google Pixel 4 I didn't have this problem.

Basically a fake prompt is sent to all my accounts and you can press "no" or "yes" I didn't touch either and just dismissed it.

Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code executio..

BEARDSLEY — Thu, 05 Oct 2023 01:07:16 GMT

how can I factory reset my Samsung mobile phone

Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code executio..

Dia5 — Thu, 05 Oct 2023 05:21:53 GMT

Download adb platform tools, Samsung drivers, go in adb folder run cmd.exe, enable usb debug in developer options, adb reboot recovery and factory reset

Settings, search for reset

Volume up and power with usb attached and factory reset in recovery

Volume up and down while off and connect usb, then in download mode flash csc file

Nice try troll

Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code executio..

Pugs1957 — Thu, 05 Oct 2023 11:42:17 GMT

I'm totally confused. The app you refer to Google Mobile Services is a system app and essential for the device to work properly.
Wha prompt did you get?
Are the screen shots relevant? I don't see anything related to a problem.
Cheers

Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code executio..

Dia5 — Thu, 05 Oct 2023 11:50:38 GMT

October 16th 2022 I opened an infected program on my then Windows installation, infostealer malware, my session cookies, accounts, personal data and cryptocurrency was stolen. I formatted with Linux reset all passwords and authcodes and in 2023, two of my Samsung devices had a notification from Google play services com.google.android.gms (I am aware it is a critical component of Android). The notification says as screenshot: to finish the Android installation in suspicious letters, and I can press NO or YES, I click neither because I am aware it is a trap, once I press NO the hacker might have remote access and just dismiss it. Hours later I received two calls from foreign numbers, from accounts made in Russia. Another person who visited my home also had the same problem, he has a Samsung device too, but from 2019, I have Note20U with September security patch

Re: Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code exec..

Pugs1957 — Thu, 05 Oct 2023 13:51:44 GMT

Thanks for that detailed information. I can understand the reason for your concern.
Are you able to install any apps? It would be helpful to scan with Malwarebytes.

Re: Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code exec..

Dia5 — Thu, 05 Oct 2023 16:01:55 GMT

Yes, no malware was detected. All other Samsung devices in my home also received weird WhatsApp calls from the same Russian hacker (foreign number that changes but same profile picture)

Re: Re: Re: Samsung Note20 Ultra com.google.android.gms remote arbitrary code ..

Pugs1957 — Thu, 05 Oct 2023 17:21:10 GMT

That sounds good. I would try a temporary Google account to see if you can set up without issue, if so, change the account to your "proper " one.