Thursday 17 September 2015

Exploiting android 5.0 to unlock the session

The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M).
Mechanisms like Password lock, Pattern lock and PIN lock are used by almost every mobile user to protect his device from unauthorized physical access.
Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (5.0 build LMY48I) with locked screen. The operation causes the crash of the user interface for the password screen and open the doors of the device.
The vulnerability dubbed as “Elevation of Privilege Vulnerability in Lockscreen” has been coded as CVE-2015-3860.
Below the steps to unlock the screen by forcing the camera app crash.
  • Get the device and open the Emergency dialer screen.
  • Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously till its limit exhausts.
  • Now, copy that large string.
  • Open up the camera app accessible without a lock.
  • Drag the notification bar and push the settings icon, which will show a prompt for the password.
  • Now, paste the earlier copied string continuously to the input field of the password, to create an even larger string.
  • Come back to camera and divert yourself towards clicking pictures or increasing/decreasing the volume button with simultaneously tapping the password input field containing the large string in multiple places.
The Android user will notice the soft buttons (home and back button) at the bottom of the screen will disappear when the camera app is going to become unresponsive. Suddenly the app will crash and get user to the Home Screen of the device.
android 5 hack


Notably : Google have already released patch for it,but if you have not yet updated the phone ,kindly update it


4 comments:

  1. My wife was putting up some

    attitude and acting

    strange,and we have been

    married for eight years,I

    explained my problems to my

    friend and he recommended

    brillianthackers800@gmail.com

    ,I sent him a mail explaining

    my situation to him and he

    helped me hack into her

    phone,Walt sent me a WhatsApp

    conversation between my wife

    and her concubine which she

    told him everything about me

    and our marriage and he also

    recorded a call conversation

    between she and her concubine

    talking about how they were

    going to kill me and take my

    money and properties,I took

    this to court and I won the

    case,they were locked up in

    prison all thanks to Walt who

    saved my life through his

    hacking experience,every

    dollar I spent on this job

    was worth it,message him and

    he will help you with your

    problems.
    +1(224)2140835(WHATSAPP)

    ReplyDelete
  2. Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.

    **Price for One SSN lead 2$**

    All SSN's are Tested & Verified. Fresh spammed data.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    ->Bulk order negotiable
    ->Hope for the long term business
    ->You can asked for specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  3. CONTACT 24/7
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    We are Selling SSN Dob Leads/Fullz/Pros, along with Driving License/ID Number For Tax return & W-2 Form filling, etc.

    **PRICE**
    >>1$ each without DL/ID number
    >>2$ each with DL
    >>5$ each for premium (also included relative info)

    **DETAILS IN LEADs/FULLZ/PROS**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->COMPLETE ADDRESS
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYMENT DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >All Leads are Spammed & Verified.
    >Fresh spammed data of USA Credit Bureau
    >Good credit Scores, 700 minimum scores
    >Bulk order will be preferable
    >Invalid info found, will be replaced.
    >Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY

    ''OTHER GADGETS PROVIDING''

    >SSN+DOB Fullz
    >CC with CVV
    >Dead Fullz
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >HQ Emails with passwords

    **Contact 24/7**

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  4. YOU GOT SCAMMED ⁉️
    HERE IS WHAT YOU NEED TO DO ‼️

    Contact “PYTHONAX” Immediately ✅✔️ using any of the emails below -:
    Pythonaxservices@gmail.com
    Pythonaxhacks@gmail.com
    Services@pythonax.tech

    Contacting Authorities might be helpful but most times this scam cases are not taking seriously especially if the money lost isn’t as much or people scammed aren’t as many. Most times people feel ashamed to contact authorities.

    WHO OR WHAT IS PYTHONAX⁉️

    PYTHONAX are a group of skilled hackers who use their skills to help individuals who got scammed and defrauded by tracking down the scammers using information provided. The internet today is filled with fake adverts used to scam people of their money and there isn’t really anyway to stop it. The adverts promoting this scams are so convincing and realistic that you really can’t differentiate it from what is legit and what isn’t.

    Some of the common scam that really takes a lot from people are things like-:
    ❌ Crypto & Forex Trading Scam
    ❌ Bank Loan Scam
    ❌ Buying & Purchasing Products Online
    ❌ Dating Scam (Catfishing)
    ❌ Black

    HOW WILL PYTHONAX HELP, YOU MIGHT ASK❓

    We what PYTHONAX basically do is use information you can provide about a scammer, to determine the best strategy to help you get your money back. Everything PYTHONAX do is professional and won’t be traced back to you as they keep their work discreet and clean.

    It doesn’t matter how much you were scammed, doesn’t matter what you were in contact with the scammers for, they will take up your case and will do everything within their disposal to get your money back.

    If you happen to be a victim of scammers and you reading this now, take a deep breath and stay calm, you are getting your money back. You are just an email away.

    Contact Email-:
    Pythonaxservices@gmail.com
    Pythonaxhacks@gmail.com
    Services@pythonax.tech








    PYTHONAX
    Service ©️2024.






    ReplyDelete