A new method to avoid locking on Android appears

On a Android terminal, even a terminal setting a lock by password etc. found a new method which can avoid the lock screen. This was announced by the University of Texas at Austin, and a practical movie is released on YouTube.

Android 5.x Lockscreen Bypass (CVE - 2015 - 3860) | UT Austin Information Security Office
http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

Android 5.x Lockscreen Bypass - YouTube


OS of target terminal is Android 5.1 line.


If you attempt to unlock it, it will become the password input screen. We will use "EMERGENCY CALL (emergency call)" here.


Emergency calling is a function that is prepared to call the police and emergency even if locked, but just enter the asterisk ("*" sign) as the telephone number here ... ....


When you enter 10 pieces, copy and paste its contents. Next, select all, copy and paste, select all, copy and paste ... ... and repeat the work eleven times.


The entry field was filled with an asterisk.


Use the "return" button here to return to the lock screen. Now swipe the camera icon displayed in the lower right as a shortcut.


Activate the camera.


Even in the locked state, the camera starts up is a specification so there is no problem.


Next, swipe the screen from the top, display the notification / setting, tap the gear icon that appeared in the notification bar.


You will be prompted to enter your password.


Press and hold the input field ......


Paste the herd of asterisks.


Then the screen returns to the camera application. At this point we have not succeeded in avoiding the lock screen yet.


Eventually the camera application crashed suddenly. It takes about 5 minutes and 30 seconds for the application to crash in this video.


After the crash the home screen was displayed. Although the lock itself is not released, you can access data in the terminal freely by using "ADV (Android Debug Bridge)" by turning on "USB debug" from the setting.


This vulnerability has been reported to Android's security team on June 25. On September 9, version 5.1.1 (LMY 48 M) which took measures against has been released.