Unlock Android 5.x devices is very easy

The security researcher John Gordon has found an easy way to unlock smartphones running Android 5.0 and 5.1 (Build LMY48M).

The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M).

Mechanisms like Password lock, Pattern lock and PIN lock are used by almost every mobile user to protect his device from unauthorized physical access.

Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (5.0 build LMY48I) with locked screen. The operation causes the crash of the user interface for the password screen and open the doors of the device.

The vulnerability dubbed as “Elevation of Privilege Vulnerability in Lockscreen” has been coded as CVE-2015-3860.

Below the steps to unlock the screen by forcing the camera app crash.

Get the device and open the Emergency dialer screen.
Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously till its limit exhausts.
Now, copy that large string.
Open up the camera app accessible without a lock.
Drag the notification bar and push the settings icon, which will show a prompt for the password.
Now, paste the earlier copied string continuously to the input field of the password, to create an even larger string.
Come back to camera and divert yourself towards clicking pictures or increasing/decreasing the volume button with simultaneously tapping the password input field containing the large string in multiple places.

The Android user will notice the soft buttons (home and back button) at the bottom of the screen will disappear when the camera app is going to become unresponsive. Suddenly the app will crash and get user to the Home Screen of the device.

Below the Video PoC of the hack.

Google has already released a patch for its Nexus devices.

Pierluigi Paganini

(Security Affairs – Android 5.x, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.