Android Phone Locks Picked

[SiempreTuna]

Seems there's another vulnerability, this time it allows you phone lock PIN, password, gesture or facial recognition to be bypassed on 4.0 to 4.3 (4.4 is apparently fine .. for now)

No work around for the moment

 

[dibblebill]

Seems there's another vulnerability, this time it allows you phone lock PIN, password, gesture or facial recognition to be bypassed on 4.0 to 4.3 (4.4 is apparently fine .. for now)

No work around for the moment

Doesn't really allow you to bypass an already locked phone. Just one that you already have access to install apps/run them from.

 

[lunatic59]

agreed. You'd have to have access to install an app that took advantage of this exploit for it to work. I doubt any app that this was found in would have much of a life in the play store.

 

[Davdi]

But some people install apps from less well maintained sources (Don't they?)

 

[Rxpert83]

But some people install apps from less well maintained sources (Don't they?)

Surely some people do. But if they do that, they're already putting themselves at risk for all kinds of malware that can do a lot more than simply unlock your device.

For 95+% of users, this vulnerability is nothing to worry about.

 

[Digital Controller]

Like Rxpert said, and to kind of go into more detail, basically you would need to side load these applications and turn on the "unknown sources" option, thus you are knowingly installing applications that can potentially put your device at risk for this type of harm.

 

[zuben el genub]

Why isn't there something to lock individual apps instead of the whole phone?
I can't lock mine, if the Vulcan ever needed it in an emergency, he'd be lost.
I have friends, husband and wife, who SWAP phones when one isn't charged.
Keeping some things private might be nice like if you are shopping for a present.

 

[lunatic59]

I do believe you can always dial 911, even with a locked phone.

 

[Hadron]

Why isn't there something to lock individual apps instead of the whole phone?
I can't lock mine, if the Vulcan ever needed it in an emergency, he'd be lost.
I have friends, husband and wife, who SWAP phones when one isn't charged.
Keeping some things private might be nice like if you are shopping for a present.

My solution to this is that I know my wife's pattern and she knows my PIN.

She doesn't know the key I use to encrypt private memos though.

 

[Digital Controller]

I do believe you can always dial 911, even with a locked phone.

You can, it should give you the option to dial emergency from the lockscreen

 

[zuben el genub]

My solution to this is that I know my wife's pattern and she knows my PIN.

She doesn't know the key I use to encrypt private memos though.

The Vulcan could neither remember a pattern or a pin. He'd have to pin a note in a pocket or something.

 

[funkylogik]

Theres apps like Smart App Lock that use a pin to lock the apps of your choice (including the settings menu) :thumbup:

 

[kate]

Like Rxpert said, and to kind of go into more detail, basically you would need to side load these applications and turn on the "unknown sources" option, thus you are knowingly installing applications that can potentially put your device at risk for this type of harm.

Unfortunately some people don't know this is risky. When they want a certain app they will install it without a second thought to the potential consequences.

 

[atifn79]

I have something to share with you guys

A couple of weeks ago, the iPhone world discovered an exploit (not fixed) that allowed anyone to bypass the lockscreen and access the phone, messages, and even pictures.

Well, the bug has been caught in the GS3 world now, too. A few days ago, mobile enthusiast Terence Eden discovered a flaw that also allowed limited access to certain features of your Samsung Galaxy S3, and only in very certain circumstances. And it works no matter what protection you have enabled...Pattern Lock, PIN, Password, or Face Unlock.

Steps to Exploit #1
Lock your phone and turn the screen back on.
Go to Emergency Call.
Select the Emergency Contact icon on the bottom left.
When in the Emergency Contact screen, hit the Home button.
You will see a flash of your Home Screen (no matter what launcher you are using).
In that second when the Home Screen flashes, you can select an app/widget to execute.

The limitations with this exploit are that almost anything you select will run in the background, and you will be back at the lock screen. Where this exploit can be effective is if, let's say, you have a Direct Dial widget on your homescreen. In this case, someone can hit this widget, and the call will go through.

While this is something that should be fixed, it doesn't actually allow you to do much, so really, it's not all that scary. Unfortunately, the fun doesn't end there.

Yesterday, Sean McMillan of Full Disclosure opened up the initial exploit and discovered something much scarier. If successful, not only will this exploit open up the full contents and capabilities of your S3, but it will disable the lock screen completely until the phone is rebooted.

Steps to Exploit #2
Lock your phone and turn the screen back on.
Go to Emergency Call.
Select the Emergency Contact icon on the bottom left.
When in the Emergency Contact screen, hit the Home button.
Immediately after hitting Home, press the Power button.
If you did this correctly, the next time you press Power, your device will go directly to your homescreen.
This is obviously not good. Sean does note that you may need to do this multiple times to get it to work. Also, it doesn't matter what launcher you are using, or whether you are using a lockscreen replacement or not.

In the interest of full disclosure, I tried about 30 times, both with my rooted/modded phone, and with a bone-dry stock phone, and I couldn't replicate it.

But, just because I couldn't do it, doesn't mean it isn't real and dangerous. At this point, there has not been any word out of Samsung regarding this exploit, but I imagine a response and a patch will be on their way shortly.

Atif Naser