Skip to content
Tech News
← Back to articles

A mysterious ghost admin is digitally bricking Samsung phones

2026-04-09 | original
read original get Samsung Galaxy Repair Toolkit → more articles
Why This Matters

The emergence of a 'ghost admin' lockout affecting Samsung Galaxy S22 Ultra users highlights a significant security vulnerability where malicious actors can remotely brick devices through Samsung's servers. This issue underscores the risks associated with device management features like Knox, which, while designed for enterprise security, can be exploited to lock out legitimate consumers, raising concerns about device security and user rights in the tech industry.

Key Takeaways

Ryan Haines / Android Authority

TL;DR Galaxy S22 Ultra owners are finding their retail phones claimed by a shady company called “Numero LLC” after performing factory resets.

The lockout happens via Samsung’s servers at the IMEI level, meaning factory resets and manual firmware flashing cannot bypass it.

Affected users are stuck between Samsung and Knox support teams, neither of which currently claims to have the tools to fix the records.

Samsung Galaxy phones are among the best you can buy for enterprise use, thanks to features such as hardware root of trust via Knox Vault, an irreversible e-Fuse to detect firmware tampering, and the Knox Suite for managing devices at scale. But over the past few months, non-enterprise users have been encountering a “digital brick” scenario that weaponizes some of these very features, effectively locking them out of their own phones.

The “This device isn’t private” trap We’ve spotted several Galaxy S22 Ultra owners complaining (1, 2, 3, 4) that their phones are allegedly locked after a factory reset.

The sequence is identical in almost every case: After a reset, users connect to Wi-Fi to begin the standard Android setup. However, before they can sign in to their Google account, they are intercepted by the Knox Mobile Enrollment (KME) Provisioning Screen with the message “This Galaxy S22 Ultra isn’t private,” stating that the phone is managed by an organization and that all data and activity are visible to a remote IT admin.

However, the kicker here is that the phones are allegedly not provisioned through an organization at all and are not part of a corporate fleet. These phones are said to have been purchased through Samsung via standard retail channels, with no affiliation or connection to any company.

There are a few telltale signs of this being shady. For starters, the admin app is titled “SAMSUNG ADMIN” in all caps, and bears the logo with the words “FRP UNLOCK SAMSUNG.” The company mentioned is “Numero LLC,” which doesn’t appear in US company records (one of the screenshots shows “5G UC,” which means the phone is on T-Mobile’s “Ultra Capacity” network, and thus based in the US), though we could spot a link to South Korea.

Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.

... continue reading

Explore topics: samsung galaxy s22 ultra knox imei numero llc
Related:
You Don't Want a Dirty Phone. How to Give Your iPhone or Android a Spring Clean
Samsung expands One UI 8.5 beta to much older flagships and budget phones
TCL NXTVISION Art TV Review: Just Fine
The Galaxy A57 does one thing better than any budget Android phone, and it’s a game-changer
No surprise: Samsung just gave the Samsung Galaxy S26 a perfect design score

© 2026 GoKawiil

About | Editorial Policy | Contact