A security researcher, named John Gordon, has discovered an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M).
Many of us use various locks security on our devices such as pattern lock, PIN lock and password lock to protect our privacy.
However, a vulnerability could allow someone to get it Android your smartphone (5.0 build LMY48I) with locked screen, to perform a “magic trick” that will cause the user interface (UI) for the password screen to crash and gain access to your device.
The vulnerability in question (CVE-2015-3860), has been named as “Elevation of Privilege Vulnerability in Lockscreen” (elevating privileges on locked screen).
The secret behind the "magic trick" is as follows:
- Take the locked device and open the emergency call screen.
- Type a long string of numbers or special characters in the input field and then copy and paste (copy-paste) continuously forming a long string until it reaches the input limit and the field can not accept other characters.
- Now copy this big string of characters.
- Open the camera application that is accessible even on a locked phone.
- Drag the notification bar and touch the configuration icon to ask for your password.
- Now paste the previous string of characters you have copied in the password entry field and do it continuously to create an even larger string.
- Turn back on the camera to take photos or zoom in - decrease the volume with the key while touching the password entry field that contains the wide range of characters.
All this is done to make the camera "crash" (crash). Further, you will notice the Home and Back keys at the bottom of the screen disappear, which is an indication that the application is about to shut down.
At this time, stop your actions and wait until the camera application stops responding.
After a while, the app will crash and you will have your device's Home screen with all encrypted and unencrypted data.
Now all you have to do is go to Settings > Developer options > Enable USB Debugging (Settings > Developer options > Enable USB debugging) and you can test your device by installing Android Debug Bridge (ADB).
Watch the demo video below, where you can see in practice how Gordon performed the hack.
If you manage to bypass the lock screen on your device then you have a serious security issue and you certainly have not installed the patch that has been released by Google for that vulnerability.
It is a good idea to install the patch directly.
