BeforeItsNews only exists through ads. We ask all patriots who appreciate the evil we expose and want to
help us savage the NWO with more Truth to disable your ad-blocker on our site only so we can grow and expose more evil! Funding
gives us more weapons! Thank you patriots! Oh and If you disable the Ad-blocker - on your deathbed you will receive total
consciousness. So you got that going for you...which is nice!
A Security researcher and hacker, named John Gordon, has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M).
Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices.
However, a vulnerability could now allow anyone to take your Android smartphone (5.0 build LMY48I) with locked screen, perform a “MAGIC TRICK” and as a result crash the user interface (UI) for the password screen and gain access to your device.
The vulnerability, assigned CVE-2015-3860, has been dubbed as “Elevation of Privilege Vulnerability in Lockscreen“.
How the Attack Works?
The secret behind the researcher’s “MAGIC TRICK” is as follows:
Get the device and open the Emergency dialer screen.
Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously till its limit exhausts.
Now, copy that large string.
Open up the camera app accessible without a lock.
Drag the notification bar and push the settings icon, which will show a prompt for the password.
Now, paste the earlier copied string continuously to the input field of the password, to create an even larger string.
Come back to camera and divert yourself towards clicking pictures or increasing/decreasing the volume button with simultaneously tapping the password input field containing the large string in multiple places.
All this is done to make the camera app crash. Further, you will notice the soft buttons (home and back button) at the bottom of the screen will disappear, which is an indication that will enable the app to crash.
At this time, stop your actions and wait for the camera app to become unresponsive.
After a moment, the app will crash and get you to the Home Screen of the device with all the encrypted and unencrypted data.
Now without wasting time go to Settings > Developer options > Enable USB debugging and control the device by installing the Android Debug Bridge (ADB) utility.
Video Demonstration shows Attack in Work
Watch the video demonstration given below, where you can see practically how Gordon executed the hack.
In addition to this, if we notice the number of users with Android 5.0 and 5.1 with hardware compatibility as Nexus 4 and software installed as Google factory image – occam 5.1.1 (LMY47V) are less. Therefore, the risk associated will affect those users only.
Furthermore, for those users we have a good news that is- the patch has released for the vulnerability and is made public by Google.
About the author
Researcher and Technical Writer at The Hacker News. An Information Security Consultant and System Auditor, a keen Security Evangelist for all forms of Cyber Security and Denotational Counter Hack Requirements of the Industry, Academia and Society.
Subscribe for Updates
Want more Interesting News like this? Sign up here to receive the best of ‘The Hacker News’ delivered daily straight to your inbox.