Feeds

Thought your Android phone was locked? THINK AGAIN

Another day, another vulnerability

Build a business case: developing custom apps

Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone.

In fact, the Curesec post states, the bug – present in Android 4.0 to 4.3 but not 4.4 – exposes any locking technique: PINs, passwords, gestures or facial recognition.

“The bug exists on the 'com.android.settings. ChooseLockGeneric class'. This class is used to allow the user to modify the type of lock mechanism the device should have,” Curesec writes.

A user changing the type of lock they're using should have to enter their previous lock – so if you swap from PIN to gesture, you would have to provide your PIN before Android allows the change.

The problem is that the program flow in the ChooseLockGeneric class lets an attacker bypass the confirmation:

“We can control the flow to reach the updatePreferencesOrFinish() method and see that IF we provide a Password Type the flow continues to updateUnlockMethodAndFinish(),” the post states. “Above we can see that IF the password is of type PASSWORD_QUALITY_UNSPECIFIED the code that gets executed and effectively unblocks the device.

“As a result, any rogue app can at any time remove all existing locks.”

Curesec has proof-of-concept code in its post. The bug has been designated CVE-2013-6271, and Curesec says it decided to go public after the Android Security Team stopped responding to its e-mails about the issue. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?