{"id":8626,"date":"2015-09-16T16:02:02","date_gmt":"2015-09-16T20:02:02","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8626"},"modified":"2015-09-16T16:02:02","modified_gmt":"2015-09-16T20:02:02","slug":"report-new-hack-lets-an-attacker-bypass-password-locked-android-home-screens-2","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/16\/report-new-hack-lets-an-attacker-bypass-password-locked-android-home-screens-2\/","title":{"rendered":"Report: New hack lets an attacker bypass password-locked Android home screens"},"content":{"rendered":"<p>If no one has been able to convince you to take your device\u2019s security seriously, perhaps this hack will do it.<\/p>\n<p>A video uncovered by Ars Technica shows someone able to use the emergency call access to gain entry to a locked phone, even though it\u2019s protected with a password.<\/p>\n<p>The individual in the video types a large string of characters into the call window and copies them to the device\u2019s clipboard. The hacker is then able to open the camera from the locked device, access the options menu, and paste several characters into the password prompt. The phone then unlocks.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/J-pFCXEqB7A?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span><\/p>\n<p>The vulnerability was introduced in Android 5.0 and was fixed in the LMY48M Android 5.1.1 build released to Nexus devices (you can always grab it yourself from the Nexus Factory Images page.) However, the vast majority of Android handsets aren\u2019t of the Nexus variety, which means you\u2019re vulnerable to this hack until your device is updates. Fortunately, the attack only works if you use a password to unlock your device; you can use a PIN or pattern unlock to protect yourself. If you use a fingerprint unlock, you would need to have a PIN or pattern as the backup to fully stay secure.<\/p>\n<p>Why this matters: It hasn\u2019t been a great year for Android security, as this minor hack comes after the big scare of Stagefright. It demonstrates that Google and device manufacturers all need to step up their game so everyone can enjoy better security and not worry about a new hack every week.<\/p>\n<p>Source: <a href=\"http:\/\/www.greenbot.com\/article\/2984457\/android\/report-new-hack-lets-an-attacker-bypass-password-locked-android-home-screens.html\" target=\"_blank\">Report: New hack lets an attacker bypass password-locked Android home screens | PCWorld<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If no one has been able to convince you to take your device\u2019s security seriously, perhaps this hack will do [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[3,7,9],"tags":[65,450],"class_list":["post-8626","post","type-post","status-publish","format-standard","hentry","category-hardware","category-security","category-software","tag-android","tag-hack"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2f8","jetpack-related-posts":[{"id":8892,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/04\/18\/spotty-android-encryption-is-the-story-behind-the-story-of-apples-battle-with-the-fbi\/","url_meta":{"origin":8626,"position":0},"title":"Spotty Android encryption is the story behind the story of Apple\u2019s battle with the FBI","author":"NCCT","date":"April 18, 2016","format":false,"excerpt":"By Jonathan Keane | PCWorld Savvy Android users know that Apple\u2019s face-to-face with the FBI is only the beginning of the phone-encryption furor. Google CEO Sundar Pichai voiced his support for Apple and for strong and safe encryption, but he didn\u2019t give specifics on how Google would deal with this\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8617,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/11\/the-first-monthly-android-security-updates-start-rolling-out-for-nexus-devices\/","url_meta":{"origin":8626,"position":1},"title":"The first monthly Android security updates start rolling out for Nexus devices","author":"NCCT","date":"September 11, 2015","format":false,"excerpt":"Google has delivered on its promise to release monthly security updates today, with the first of said updates now rolling out to nearly all Nexus devices released in the past three years. The updates haven't been given their own Android version number, with Google instead opting to simply change the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8714,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove\/","url_meta":{"origin":8626,"position":2},"title":"Newly discovered adware digs its claws deep into Android, is nearly impossible to remove","author":"NCCT","date":"November 5, 2015","format":false,"excerpt":"Security researchers found over 20,000 adware samples hiding in apps that masquerade as Facebook, Twitter, Snapchat, and other popular services. Derek Walter | @derekwalter | PCWorld Security researchers have uncovered a new style of Android malware that hides inside of apps that act and look like they\u2019re legitimate services. Lookout\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7048,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/05\/android-5-0-1-airs-looks-to-squash-numerous-lollipop-bugs\/","url_meta":{"origin":8626,"position":3},"title":"Android 5.0.1 Airs, Looks to Squash Numerous Lollipop Bugs","author":"NCCT","date":"December 5, 2014","format":false,"excerpt":"Google tweaks its core services in an attempt to remedy some of the problems associated with Lollipop Google Inc.'s (GOOG) Android 5.0 Lollipop saw a soft launch in mid-October and hit official AOSP (Android Open Source Project) status roughly two and a half weeks later, on Nov. 3. It's been\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8935,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/31\/myspace-hack-puts-at-least-360-million-users-at-risk\/","url_meta":{"origin":8626,"position":4},"title":"Myspace hack puts at least 360 million users at risk","author":"NCCT","date":"May 31, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot Time Inc., which recently acquired pioneering social network Myspace, has confirmed reports that the site was hacked. Like the Tumblr breach that we reported on yesterday, the compromised Myspace data dates back several years. Time said earlier today that it first became aware shortly before\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5724,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/12\/its-official-malicious-hackers-have-crappy-password-hygiene-too\/","url_meta":{"origin":8626,"position":5},"title":"It\u2019s official: Malicious hackers have crappy password hygiene, too","author":"NCCT","date":"June 12, 2014","format":false,"excerpt":"Given the amount of time malicious hackers spend bypassing other people's security, you might think that they pay close attention to locking down their own digital fortresses. It turns out that many of them don't, according to a recent blog post documenting some of their sloppiest password hygiene. The post\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/06\/sewer-640x480.jpg?resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8626"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8626\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}