Accessing data on A525FXXU4BVG1 without unlocking.

Prajwol Dhungana
4 min readSep 13, 2023

--

Hello, it has been a while since I last wrote a post. In essence, it’s a write-up on a logical issue I recently discovered on Samsung smartphones which is also my second bug on Samsung.

Therefore, the problem started with the earlier one I discovered that was duplicated. So let me first make it clear. I discovered a problem with Samsung smartphones on 2022.12.19 that the lock pin and pattern could be revealed by a third party under certain circumstances. I submitted this to Samsung, which later designated the issue as duplicate and responded to me as

Reply from the Samsung security team on 2022.12.30

After the issue was duplicated, I was alertly waiting for an update to be pushed. Samsung A52 smartphones received a firmware update on the evening of January 6, so I immediately updated it because I believed a fix had been issued. And I discovered that the duplicated report had been fixed. I thought, “Okay, the issue is fixed,” but then I went busy with my tasks and internal assessments. Later that month, while I was looking for a patch bypass, I discovered something strange on the phone.

The strange thing I discovered was that the third-party application that was exposing the lock pin and pattern was actually Microsoft’s Link to Windows application. This application could be turned on and off directly from the locked screen through the notification bar, which results in a direct connection of the phone to previously connected laptops.

When the phone is connected to the PC, all of the phone’s data — messages, contacts, and photo can be accessed from the PC without the need of password on phone. The Link to windows app is developed and managed by Microsoft but I thought the issue is with firmware and I reported to Samsung mobile. They accepted it as a security bug after 12 days and marked the severity as low.

Confirmation of the vulnerability

Then, after 2 months I was asking for the update of the report and they replied me as:

Then, after about 15 days later they rewarded me with $XXX but according to the Samsung policy they won’t reward unless the fix start to get pushed. So it’s my turn to check whether the issue is fixed by my side or not, I checked the issue but it got fixed surfacely and Now I clicked the ‘link to windows’ text below it’s icon

Then, the new interface was shown

Now, when I turned on the feature from this interface link to window turned on :0, the same issue recurred posing a security risk since the feature could be enable without unlocking the device. Then I quickly reported it to the Samsung security team saying an incomplete fix and after they validated it, it took them around 2 month to fix the issue completely.

Timeline

2023/01/25: Reported to Samsung mobile security team

2023/02/07: confirmation of the vulnerability

2023/04/04: Got rewarded

2023/04/27: Patch update pushed / bypass found

2023/04/27: Reported new report

2023/05/25: Confirmation of the vulnerability

2023/09/12: Issue fixed, Got rewarded +1

2023/09/13: Report closed

Thank you for taking the time to read my article. Have a great day!

You can follow me on Facebook or Instagram if you would like to stay connected with me.

--

--