Nytro

Android 5.x Lockscreen Bypass


Android 5.x Lockscreen Bypass (CVE-2015-3860)

Posted on September 15, 2015 by jgor

A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device. By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point, arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein.

September 2015: Elevation of Privilege Vulnerability in Lockscreen (CVE-2015-3860)

The attack requires the following criteria:

  • Attacker must have physical access to the device
  • User must have a password set (pattern / PIN configurations do not appear to be exploitable)

Proof-of-concept – Nexus 4 factory image 5.1.1 (build LMY48I):

Source: Android 5.x Lockscreen Bypass (CVE-2015-3860) | UT Austin Information Security Office
