Rogue apps can remove Android device locks
Posted on 03 December 2013.
Security researchers from German IT consultancy Curesec have uncovered the existence of an Android flaw that could allow hackers to remove all existing device locks activated by users.

“Android implements several locks, like pin, password, gesture and even face recognition to lock and unlock a device. Before a user can change these settings, the device asks the user for confirmation of the previous lock,” they explained in a blog post.

“The bug exists on the ‘com.android.settings.ChooseLockGeneric class’. This class is used to allow the user to modify the type of lock mechanism the device should have.”

They claim, and have ultimately proven by releasing two proof-of-concept apps, that a rogue app can very easily perform the code change necessary to remove device locks without needing any permission from the user.

The flaw is present in Android OS 4.3 (Jelly Bean), and the researchers say that they shared their findings with Google on October 11. The company apparently acknowledged having received the email, but didn’t comment on the matter, so the researchers decided to go public with it last week.









Copyright 1998-2014 by Help Net Security.