A Security researcher and
hacker, named John Gordon,
has found an easy way to
bypass the security of locked
smartphones running Android
5.0 and 5.1 (Build LMY48M).
Many of us use various
security locks on our devices
like Pattern lock, PIN lock and
Password lock in order to
protect the privacy of our
devices.
However, a vulnerability could
now allow anyone to take your
Android smartphone (5.0 build
LMY48I) with locked screen,
perform a "MAGIC TRICK" and
as a result crash the user
interface (UI) for the password
screen and gain access to your
device.
The vulnerability, assigned
CVE-2015-3860, has been
dubbed as "Elevation of
Privilege Vulnerability in
Lockscreen".
How the Attack Works?
The secret behind the
researcher's "MAGIC TRICK" is
as follows:
Get the device and
open the Emergency
dialer screen.
Type a long string of
numbers or special
characters in the input
field and copy-n-paste
a long string
continuously till its
limit exhausts.
Now, copy that large
string.
Open up the camera
app accessible without
a lock.
Drag the notification
bar and push the
settings icon, which
will show a prompt
for the password.
Now, paste the earlier
copied string
continuously to the
input field of the
password, to create an
even larger string.
Come back to camera
and divert yourself
towards clicking
pictures or increasing/
decreasing the volume
button with
simultaneously
tapping the password
input field containing
the large string in
multiple places.
All this is done to make the
camera app crash. Further, you
will notice the soft buttons
(home and back button) at the
bottom of the screen will
disappear, which is an
indication that will enable the
app to crash.
At this time, stop your actions
and wait for the camera app to
become unresponsive.
After a moment, the app will
crash and get you to the Home
Screen of the device with all
the encrypted and
unencrypted data.
Now without wasting time go
to Settings > Developer
options > Enable USB
debugging and control the
device by installing the
Android Debug Bridge (ADB)
utility.
In addition to this, if we notice
the number of users with
Android 5.0 and 5.1 with
hardware compatibility as
Nexus 4 and software installed
as Google factory image -
occam 5.1.1 (LMY47V) are less.
Therefore, the risk associated
will affect those users only.
Furthermore, for those users
we have a good news that is-
the patch has released for the
vulnerability and is made public
by Google.
My question is, will it also affect other L users???
hacker, named John Gordon,
has found an easy way to
bypass the security of locked
smartphones running Android
5.0 and 5.1 (Build LMY48M).
Many of us use various
security locks on our devices
like Pattern lock, PIN lock and
Password lock in order to
protect the privacy of our
devices.
However, a vulnerability could
now allow anyone to take your
Android smartphone (5.0 build
LMY48I) with locked screen,
perform a "MAGIC TRICK" and
as a result crash the user
interface (UI) for the password
screen and gain access to your
device.
The vulnerability, assigned
CVE-2015-3860, has been
dubbed as "Elevation of
Privilege Vulnerability in
Lockscreen".
How the Attack Works?
The secret behind the
researcher's "MAGIC TRICK" is
as follows:
Get the device and
open the Emergency
dialer screen.
Type a long string of
numbers or special
characters in the input
field and copy-n-paste
a long string
continuously till its
limit exhausts.
Now, copy that large
string.
Open up the camera
app accessible without
a lock.
Drag the notification
bar and push the
settings icon, which
will show a prompt
for the password.
Now, paste the earlier
copied string
continuously to the
input field of the
password, to create an
even larger string.
Come back to camera
and divert yourself
towards clicking
pictures or increasing/
decreasing the volume
button with
simultaneously
tapping the password
input field containing
the large string in
multiple places.
All this is done to make the
camera app crash. Further, you
will notice the soft buttons
(home and back button) at the
bottom of the screen will
disappear, which is an
indication that will enable the
app to crash.
At this time, stop your actions
and wait for the camera app to
become unresponsive.
After a moment, the app will
crash and get you to the Home
Screen of the device with all
the encrypted and
unencrypted data.
Now without wasting time go
to Settings > Developer
options > Enable USB
debugging and control the
device by installing the
Android Debug Bridge (ADB)
utility.
In addition to this, if we notice
the number of users with
Android 5.0 and 5.1 with
hardware compatibility as
Nexus 4 and software installed
as Google factory image -
occam 5.1.1 (LMY47V) are less.
Therefore, the risk associated
will affect those users only.
Furthermore, for those users
we have a good news that is-
the patch has released for the
vulnerability and is made public
by Google.
My question is, will it also affect other L users???
