Another Android Vulnerability, Remove Device Locks

|

Android-Security

Written by: C. Anthony Esposito II

In the wake of the text flashing vulnerability found on Nexus devices, a real and much worse vulnerability has emerged. This vulnerability through a rogue app that can disable and remove all device locks in use by the current user.

HOW TO: Change system date in OS X ...
HOW TO: Change system date in OS X from Terminal

Through the use of code found in “com.android.settings.ChooseLockGeneric class” which sets locks like password, facelock, pin, etc… the code flow can be controlled allowing the flow to continue to “updateUnlockMethodAndFinish()”. Through controlling the flow the rogue app could specify “PASSWORD_QUALITY_UNSPECIFIED” which essentially unlocks the device completely.

By doing so a rogue app planted on a device could be used to unlock and access the device at any given time. For the original proof of concept, article and examples please see IT-Security Blog at the link below.

Source: IT-Security Blog

Last Updated on January 23, 2017.

Previous

Heroes of Steel Review: Mobile Tactical RPG for Android/iOS

D-Link Patches Backdoor Vulnerability

Next

Latest Articles

Share via
Copy link
Powered by Social Snap