
Unlocking Android 5.x devices is very easy


The security researcher John Gordon has found an easy way to unlock smartphones running Android 5.0 and 5.1 (Build LMY48M).

The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M).

Mechanisms like password lock, pattern lock and PIN lock are used by almost every mobile user to protect their device from unauthorized physical access.

Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (5.0 build LMY48I) with a locked screen. The operation crashes the user interface of the password screen and opens the doors of the device.

The vulnerability, dubbed “Elevation of Privilege Vulnerability in Lockscreen”, is tracked as CVE-2015-3860.

Below are the steps to unlock the screen by forcing the camera app to crash.

  • Get the device and open the Emergency dialer screen.
  • Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously until its limit is exhausted.
  • Now, copy that large string.
  • Open up the camera app accessible without a lock.
  • Drag the notification bar and push the settings icon, which will show a prompt for the password.
  • Now, paste the earlier copied string continuously to the input field of the password, to create an even larger string.
  • Come back to the camera and keep taking pictures or pressing the volume buttons while simultaneously tapping the password input field containing the large string in multiple places.

The Android user will notice that the soft buttons (home and back) at the bottom of the screen disappear as the camera app becomes unresponsive. The app then suddenly crashes and takes the user to the Home Screen of the device.


Below is the video PoC of the hack.

Google has already released a patch for its Nexus devices.

Pierluigi Paganini

(Security Affairs – Android 5.x, hacking)