Imagine you’re just a normal, everyday Android phone user with a Samsung Galaxy S22 Ultra and then all of a sudden you become the victim of a phone hijacking. Despite your many attempts, you aren’t able to regain control of your device and it ends up stuck in a perpetual loop that tells you your phone is managed by your organization, and that all of the activity on the phone is monitored by that organization.
Only, your phone isn’t part of your organization, or any organization for that matter. Because you purchased your Samsung Galaxy S22 Ultra either directly from Samsung or a retail partner. That’s the issue that several users are now reportedly facing. After performing a factory reset on their device, users were met with a message that told them their Galaxy S22 Ultra isn’t private.
This is a legitimate screen that is supposed to show up on devices that are part of enterprise setups. For example, if your company has several hundred employees and each of them is given a Galaxy S22 Ultra work phone. These devices would then be managed by a company administrator. The issue here obviously is that these are supposedly not company phones, but devices belonging to individuals.
The Galaxy S22 Ultra hijacking issue is being perpetrated by an unknown person or group
There are seemingly a few things that are certain about this issue users are facing. First, factory resetting the device won’t help the situation. Your device reportedly ends up in the same spot. Second, it seems the hijacking is being done by an unknown person or group of people.
As reported by Android Authority, when users are met with the “this Galaxy S22 Ultra isn’t private” message, the second screen during the setup process lists “Numero LLC” as the associated admin. This LLC is apparently not in the US database but could be linked to South Korea.
Additionally, “FRP Unlock Samsung” is listed in the logo alongside the “SAMSUNG ADMIN” name on the device admin apps screen. This could signify that the phone owners previously used a potentially unsafe software to unlock their devices. If that’s the case, then that could explain how this might be happening. As that software could have harvested IMEI numbers. With this issue panning out the way it has, it seems the IMEI numbers of these phones were added to this company’s Knox portal. It’s also suggested that Samsung’s Knox software may have been compromised in some capacity.
Either way, users who end up in this position have essentially two options. They can finish setting up the phone with basically full admin control being given to this unknown admin (a very bad idea), or they just have to stop using the phone completely. Neither is an ideal scenario. That being said, this is as good a reason as any to upgrade to a Galaxy S26 Ultra.
The post A secret cabal is hijacking Samsung Galaxy S22 Ultra devices appeared first on Android Headlines.
