1. Are you ready for the Galaxy S20? Here is everything we know so far!

Android Phone Locks Picked

Discussion in 'Android Lounge' started by SiempreTuna, Dec 11, 2013.

  1. SiempreTuna

    SiempreTuna Android Expert
    Thread Starter

    Seems there's another vulnerability, this time it allows you phone lock PIN, password, gesture or facial recognition to be bypassed on 4.0 to 4.3 (4.4 is apparently fine .. for now) :eek:

    No work around for the moment :(
     


    funkylogik likes this.

    1. Download the Forums for Android™ app!


      Download

       
  2. dibblebill

    dibblebill Android Expert

    Doesn't really allow you to bypass an already locked phone. Just one that you already have access to install apps/run them from.
     
    El Presidente, gtbarry and funkylogik like this.
  3. lunatic59

    lunatic59 Moderati ergo sum
    Moderator

    agreed. You'd have to have access to install an app that took advantage of this exploit for it to work. I doubt any app that this was found in would have much of a life in the play store.
     
    El Presidente and funkylogik like this.
  4. Davdi

    Davdi Android Expert

    But some people install apps from less well maintained sources (Don't they?)
     
  5. Rxpert83

    Rxpert83 Dr. Feelgood

    Surely some people do. But if they do that, they're already putting themselves at risk for all kinds of malware that can do a lot more than simply unlock your device.

    For 95+% of users, this vulnerability is nothing to worry about.
     
  6. Digital Controller

    Digital Controller The Real Bass Creator

    Like Rxpert said, and to kind of go into more detail, basically you would need to side load these applications and turn on the "unknown sources" option, thus you are knowingly installing applications that can potentially put your device at risk for this type of harm.
     
    funkylogik likes this.
  7. zuben el genub

    zuben el genub Extreme Android User

    Why isn't there something to lock individual apps instead of the whole phone?
    I can't lock mine, if the Vulcan ever needed it in an emergency, he'd be lost.
    I have friends, husband and wife, who SWAP phones when one isn't charged.
    Keeping some things private might be nice like if you are shopping for a present.
     
  8. lunatic59

    lunatic59 Moderati ergo sum
    Moderator

    I do believe you can always dial 911, even with a locked phone.
     
  9. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    My solution to this is that I know my wife's pattern and she knows my PIN.

    She doesn't know the key I use to encrypt private memos though.
     
  10. Digital Controller

    Digital Controller The Real Bass Creator

    You can, it should give you the option to dial emergency from the lockscreen :)
     
    lunatic59 likes this.
  11. zuben el genub

    zuben el genub Extreme Android User

    The Vulcan could neither remember a pattern or a pin. He'd have to pin a note in a pocket or something.
     
  12. funkylogik

    funkylogik share the love peeps ;)

    Theres apps like Smart App Lock that use a pin to lock the apps of your choice (including the settings menu) :thumbup:
     
    Slug likes this.
  13. kate

    kate Dreaming of Bugdroid.
    Moderator

    Unfortunately some people don't know this is risky. When they want a certain app they will install it without a second thought to the potential consequences.
     
  14. atifn79

    atifn79 Lurker

    I have something to share with you guys

    A couple of weeks ago, the iPhone world discovered an exploit (not fixed) that allowed anyone to bypass the lockscreen and access the phone, messages, and even pictures.

    Well, the bug has been caught in the GS3 world now, too. A few days ago, mobile enthusiast Terence Eden discovered a flaw that also allowed limited access to certain features of your Samsung Galaxy S3, and only in very certain circumstances. And it works no matter what protection you have enabled...Pattern Lock, PIN, Password, or Face Unlock.

    Steps to Exploit #1
    Lock your phone and turn the screen back on.
    Go to Emergency Call.
    Select the Emergency Contact icon on the bottom left.
    When in the Emergency Contact screen, hit the Home button.
    You will see a flash of your Home Screen (no matter what launcher you are using).
    In that second when the Home Screen flashes, you can select an app/widget to execute.

    The limitations with this exploit are that almost anything you select will run in the background, and you will be back at the lock screen. Where this exploit can be effective is if, let's say, you have a Direct Dial widget on your homescreen. In this case, someone can hit this widget, and the call will go through.

    While this is something that should be fixed, it doesn't actually allow you to do much, so really, it's not all that scary. Unfortunately, the fun doesn't end there.

    Yesterday, Sean McMillan of Full Disclosure opened up the initial exploit and discovered something much scarier. If successful, not only will this exploit open up the full contents and capabilities of your S3, but it will disable the lock screen completely until the phone is rebooted.

    Steps to Exploit #2
    Lock your phone and turn the screen back on.
    Go to Emergency Call.
    Select the Emergency Contact icon on the bottom left.
    When in the Emergency Contact screen, hit the Home button.
    Immediately after hitting Home, press the Power button.
    If you did this correctly, the next time you press Power, your device will go directly to your homescreen.
    This is obviously not good. Sean does note that you may need to do this multiple times to get it to work. Also, it doesn't matter what launcher you are using, or whether you are using a lockscreen replacement or not.

    In the interest of full disclosure, I tried about 30 times, both with my rooted/modded phone, and with a bone-dry stock phone, and I couldn't replicate it.

    But, just because I couldn't do it, doesn't mean it isn't real and dangerous. At this point, there has not been any word out of Samsung regarding this exploit, but I imagine a response and a patch will be on their way shortly.

    Atif Naser
     
    funkylogik likes this.
Loading...
Similar Threads - Android Phone Locks
  1. Cinque8
    Replies:
    4
    Views:
    616
  2. Second Chance
    Replies:
    6
    Views:
    1,586
  3. HarryC
    Replies:
    5
    Views:
    873
  4. DanCalling
    Replies:
    7
    Views:
    605
  5. AntiMorrisey
    Replies:
    2
    Views:
    1,947
  6. melani78
    Replies:
    0
    Views:
    621
  7. satimis
    Replies:
    8
    Views:
    1,374
  8. markdoc
    Replies:
    0
    Views:
    594
  9. aleislost
    Replies:
    3
    Views:
    1,898
  10. Brickmeister
    Replies:
    3
    Views:
    964

Share This Page

Loading...