Elevation of Privilege Vulnerability Could Bypass "Screen Lock" Of Android 5.0 Within 5 minutes

Security Researchers John Gordon Discovered new vulnerability which allow them to bypass security lock of android 5.0 device.

The vulnerability, assigned CVE-2015-3860, has been dubbed as "Elevation of Privilege Vulnerability in Lockscreen".

Attack scenario

  • Open the Emergency dialer screen.
  • Type a long string of numbers or special characters in the input field untill limit exhausts.Don't forget to copy the long string ,coz it will work as a master key.
  • Now Open camera application and click on setting icon found in notification bar without closing the camera application
  • Now, it will ask to the input the password, paste the earlier copied continuously to the input field of the password, to create an even larger string.
  • Come back to camera and divert yourself towards clicking photos or volume button with simultaneously tapping the password input field.
As and when the camera application will get crashed by the above process attacker may access your device without password.

For more details,Watch the video demonstration given below, 

Click here,To patch the above vulnerability

Post a Comment