Many Android users protect their device with a lock screen password, but a recently disclosed vulnerability is alarming: anyone can bypass the lock screen and get straight into the system without any complex operation. An attacker can exploit it to gain full access to a locked device: entering a very long string crashes the lock screen and the camera, which drops the attacker onto the home screen. From there the attacker can turn on USB debugging, connect a computer, and ultimately extract a large amount of information from the phone.

This vulnerability exists in Android 5.x. Two conditions must be met: the attacker needs physical access to the device, and the lock screen must use a password (pattern and PIN lock screens are not affected).

PoC video (Nexus 4, Android version 5.1.1 build LMY48I)
Attack process

1. On the lock screen, tap “emergency dial”.
2. Enter a few characters, such as 10 asterisks. Double-tap the characters to highlight them, then tap Copy. Paste into the input field so that the number of characters doubles. Repeat this process until the string in the input field is so long that double-tapping no longer highlights it. This takes about 11 repetitions.
3. Go back to the lock screen, swipe left to open the camera, pull down the notification drawer, and tap the settings (gear) icon at the top right. A password prompt will then pop up.
4. Long-press in the password field and paste the characters. Keep long-pressing at the cursor and pasting, the more repetitions the better, until the UI crashes: the soft keys at the bottom of the screen disappear and the camera becomes full-screen. (Tip: while pasting, keep the cursor at the end of the string and long-press as close as possible to the center of the cursor. After a long press, the Paste button may take longer than usual to appear.)
5. Then wait for the camera app to crash and expose the home screen. This step is time-consuming and the time it takes varies widely with circumstances, but the result should be a camera crash. Note that the camera's focusing is somewhat slow; taking pictures with the physical buttons is likely to speed up the crash. If the screen turns off after a long period of inactivity, turn it back on and keep waiting. In some cases the crash of the camera app leads directly to the home screen, as shown below; in others it leads to a rather strange home screen, as shown in the PoC video.
6. You can then go to the phone's settings and enable USB debugging (in “About phone”, tap the build number 7 times), then connect a PC and use the adb tool to execute any command or access the device's files.