Cyber attack hits Galaxy S22 Ultra
The problem often pops up after a factory reset. As soon as you reset your phone and connect to WiFi, a message appears, "This device is not private". It then indicates that the smartphone is managed by an organisation and that an administrator has access to your data.
Interestingly, these are private devices. Many users indicate that they simply bought their phone through regular channels, without any link to a company. Yet their device is linked to an unknown party called Numero LLC, an organisation that does not seem to exist.
The blocking is done through the so-called Knox Mobile Enrollment (KME), a system normally intended for companies to centrally manage devices. In this case, that function appears to be abused. The linkage takes place at the IMEI level, which means you can't get around it with a factory reset or reinstalling software.
That makes for a tricky situation. You can choose between a device under the control of an unknown administrator, or a phone you can no longer use at all. Both options are far from ideal. What exactly is behind it is still unclear. Possibly a reseller's account was hacked, linking random devices. There is also speculation about exploiting vulnerabilities in Knox or using unofficial unlocking services that gained access to IMEI data.
Either way, the implications are significant. Users report that even Samsung support and authorised repair points often cannot solve the problem. In some cases, you end up in a kind of referral loop between different support departments. It is unknown whether the problem also affects the Netherlands and Belgium.
Samsung has not yet issued an official response to the situation. For now, the advice is to contact support immediately if you encounter this. Prefer not to use the device again, as an unknown party may have access to your data.
