search icon
Close

What are you looking for?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Bug in Samsung Galaxy S24: Bypassing Factory Reset Protection (FRP)

(Topic created on: 13-12-2024 07:58 AM)
1225 Views
abby_0820
Apprentice

‎13-12-2024 07:31 AM - last edited ‎13-12-2024 08:00 AM

Options

I recently encountered a concerning issue with my Samsung Galaxy S24. After forgetting my phone's password, I visited an authorized Samsung service center to perform a factory reset. Here's what happened:

  1. The staff informed me that a factory reset would wipe all data and required server verification, for which I agreed and proceeded.
  2. After the reset, to my surprise, the phone did not ask for Google or Samsung account verification.
  3. The technicians themselves were shocked and said this was the first time they encountered such behavior. They were able to skip all set up your phone things without any intervention and handed the phone back to me.
  4. They did not charge me due to this unusual situation.

This is a serious security concern, as Samsung devices are known for their secure hardware-backed encryption and Factory Reset Protection (FRP), which prevents unauthorized access post-reset.

If FRP can be bypassed in this manner, it raises questions about the reliability of security mechanisms on Samsung's flagship devices.

I urge Samsung to investigate this issue promptly to ensure the security of its users. If others have encountered similar issues, please share your experiences

#SamsungGalaxyS24 #FRPBug #SecurityIssue #FactoryReset #SamsungSupport

0 Likes
21 REPLIES 21
-Robot-
Samsung Members Star ★

‎13-12-2024 07:36 AM - last edited ‎13-12-2024 07:37 AM

Options
I don't understand, if everything has been wiped why would it need verification? At that point its been completely wiped, no security risk at that point

You would need it to re-setup everything but on a blank handset

I have factory reset my phone many times not need any security after factory reset, only when re-setring it back up
abby_0820
Apprentice

‎13-12-2024 07:44 AM

Options
In response to -Robot-

What if my phone is lost and someone resets it

What's the point of having the security

see this post from samsung:

https://www.samsung.com/my/support/mobile-devices/why-do-i-need-re-enter-my-google-account-after-a-f...

-Robot-
Samsung Members Star ★

‎13-12-2024 07:48 AM - last edited ‎13-12-2024 07:51 AM

Options
As I and the doc said you need to re-enter detail to complete setup

Security is to protect the data on the phone, which it has done. If you lost the phone or had it stolen it's gone and the security stops people stealing your data. As no data is present and the software is in default unset up state no security exists or needed

As to your question, what's the point of the security? You have answered your own question it's not needed that's why it isn't there

Factory rest mean return to default state, as from the factory. You don't have security setup on it, when it leaves the factory
abby_0820
Apprentice

‎13-12-2024 07:58 AM

Options
In response to -Robot-

My concern is about the Factory Reset Protection (FRP) mechanism, which is designed to prevent unauthorized access to the device after a reset.

In my case, the service center was able to reset my phone and bypass all verification steps (Google and Samsung account) without requiring my credentials. This is unexpected and concerning because FRP is supposed to ensure that even after a factory reset, only the rightful owner can set up the phone.

-Robot-
Samsung Members Star ★

‎13-12-2024 08:00 AM - last edited ‎13-12-2024 08:02 AM

Options
In response to abby_0820
The factory reset protection is to stop people factory reseting it, as it was a service center they are able to do that. That doesn't affect the security of the data on your phone.

Factory reset is to protect data on the phone so no one can access it, not to protect it from being stolen or damages or lost etc... That's what insurance is for

Protection isn't insurance
0 Likes
abby_0820
Apprentice

‎13-12-2024 08:11 AM

Options
In response to -Robot-

FRP is meant to ensure that even after a factory reset, the device cannot be set up without verifying the associated Google or Samsung account credentials. This protects the device from unauthorized use.

In my case, after the service center reset my phone, it didn’t prompt for any Google or Samsung account verification at all. The service center staff themselves admitted they had never seen this happen before as it requires a server verification.

-Robot-
Samsung Members Star ★

‎13-12-2024 08:15 AM

Options
In response to abby_0820
That where your wrong, it's not what you think it is but what it actually there for.

it's to protect people from factory resetting it. Your handset was reset by a service centre. They are supposed to be able to by pass the security or you would be complaining how useless they are
0 Likes
Windroid
Troubleshooter

‎13-12-2024 08:18 AM - last edited ‎13-12-2024 08:20 AM

Options
Report it directly to them through the feedback in the members app. Tell them their own Samsung serviced did it. Let's see what they have to say 😊🔥
0 Likes
abby_0820
Apprentice

‎13-12-2024 08:34 AM

Options
In response to -Robot-

Thank you for your input. I now understand that the service center is authorized to bypass certain security measures like factory reset protection (FRP). However, the lack of any post-reset verification, which is unusual even for an authorized reset, raised my concerns.

While I appreciate your explanation, I believe it’s worth Samsung reviewing this case to ensure there are no vulnerabilities. Thanks again for your time!