Today's Hard|Forum Post
Today's Hard|Forum Post

Wednesday September 16, 2015

Emergency-Number Hack Bypasses Android Lock Screen

You have to wonder how the hell this guy figured this out. Was he just bored one day and started messing around with his phone?

A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device. By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein.