CVE-2016-11036

Vulnerability

A Factory Reset Protection (FRP) bypass vulnerability exists on Samsung mobile devices running Android M(6.0). The issue, tracked as SVE-2016-6008, allows an attacker to circumvent the FRP mechanism, which is designed to prevent unauthorized use of a lost or stolen device by requiring the original Google account credentials after a factory reset. The vulnerability was present in M(6.0) software; the exact affected versions were not detailed in the available references [1].

Exploitation

The description and references do not provide the specific sequence of steps required to exploit this bypass. An attacker would need physical access to the device, and likely some level of user interaction or specific timing to bypass the FRP lock screen. Further technical details are not disclosed in the available references [1].

Impact

Successful exploitation allows an attacker to perform a factory reset and then set up the device as a new user, bypassing the Google account verification that FRP is intended to enforce. This could lead to unauthorized use of the device and potential access to personal data if not properly encrypted. The impact is limited to physical device access, but the bypass removes a key theft deterrent [1].

Mitigation

Samsung released a security update in August 2016 to address SVE-2016-6008. Users should ensure their devices are updated to the latest firmware version provided by Samsung. There is no indication that this vulnerability is listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. For devices no longer receiving updates, no further mitigation is available [1].