The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M).
Mechanisms like Password lock, Pattern lock and PIN lock are used by almost every mobile user to protect his device from unauthorized physical access.
Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (5.0 build LMY48I) with locked screen. The operation causes the crash of the user interface for the password screen and open the doors of the device.
The vulnerability dubbed as “Elevation of Privilege Vulnerability in Lockscreen” has been coded as CVE-2015-3860.
Below the steps to unlock the screen by forcing the camera app crash.
The Android user will notice the soft buttons (home and back button) at the bottom of the screen will disappear when the camera app is going to become unresponsive. Suddenly the app will crash and get user to the Home Screen of the device.
Below the Video PoC of the hack.
Google has already released a patch for its Nexus devices.
(Security Affairs – Android 5.x, hacking)
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.