One of the nice features on Android phones is the ability to access the camera without having to go through the annoying process of unlocking the phone. While this feature is very comfortable, it opens a door to all kind of mischief. Especially if you have access to a friend`s phone. You can always take some funny photos that their parents would be surprised to see if they flip through the gallery. This is funny but really quite harmless, researchers from the University of Texas discovered that once the camera is active, it can be used to bypass the home screen lock and access the phone. And that is quite less harmless.
The vulnerability, first reported to Goggle in June involves creating a long string of characters by copy/pasting numbers into the emergency call screen. Then, starting the camera app from the lock screen by swiping left and trying to access the settings page by swiping down. Normally, you can not do that and will be prompted for a password.
If you continue pasting the long string of characters from the emergency call screen, the camera app will eventually crash and expose the home screen (it is sometimes partially exposed, but still provides plenty of access).
Google did release a pack for native android for this bug, but sadly many android users that do not use the native android version will have to wait for the phone manufacturer to issue a firmware fix. With the amount of devices running android, this may take quite some time….
The research page mentions that the phone must have a security set in pin or password form to be able to accomplish this breakin, and that devices which have pattern lock are safe from the issue. So if you are concerned, you can switch to pattern lock until you get a firmware fix.
This movie shows the security issue, I have to admit it quite boring, so you may wanna skip to 8:00 where the action starts.