The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M).
Mechanisms like Password lock, Pattern lock and PIN lock are used by almost every mobile user to protect his device from unauthorized physical access.
Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (5.0 build LMY48I) with locked screen. The operation causes the crash of the user interface for the password screen and open the doors of the device.
The vulnerability dubbed as “Elevation of Privilege Vulnerability in Lockscreen” has been coded as CVE-2015-3860.
Below the steps to unlock the screen by forcing the camera app crash.
The Android user will notice the soft buttons (home and back button) at the bottom of the screen will disappear when the camera app is going to become unresponsive. Suddenly the app will crash and get user to the Home Screen of the device.
Below the Video PoC of the hack.
Google has already released a patch for its Nexus devices.
(Security Affairs – Android 5.x, hacking)