Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Bypassing the HTC One lockscreen during restart (sefsar.com)
30 points by youssefsarhan on Oct 14, 2013 | hide | past | favorite | 14 comments


I can't reproduce this on stock Android. I'd also like to see what happens shortly afterwards. The video cuts off a bit abruptly and I'm curious to see if you can maintain access or whether it kicks you back out to the the lock screen after initialization is complete.

The text was also changed just a minute ago to remove a plug for HyperCube. The original text included something along the lines of "Clearly there are big problems with Android, which is why we started HyperCube..."


Could a mod amend the title so it mentions the vulnerability is in HTC's android distro and not AOSP?


This is more of an HTC problem than an Android one, right? Calling it Android is a little misleading.

As an aside, I'm so glad to have stock Android - I really don't miss the days of all the vendor and network 'extras'.


There are many errors in Android security, this is one that I have found: https://www.youtube.com/watch?v=nkdbMv0lNMc

(TLDR: just remove your SIM card when screen is off to unlock, works on Anrdoid 4.0.3 with Acer Iconia Tab A511)

Edit: I wonder if someone with tablet could try to reproduce that?


Odd bug, must be a SIM related PIN on the device...


This is not critical Android Lockscreen Bypass, this is HTC One Lockscreen Bypass


I was unable to reproduce this using a Sprint HTC One running the newest software release (Android 4.3, HTC SW Version 3.04.651.2) - admittedly, timing does seem tight, but I tired it several times before giving up.

It'd be interesting to know if this is just something that HTC has already fixed, or if it is somehow related to a carrier-specific modification.


I never saw the lock screen as a serious protection mechanism, but more like a screensaver, mainly to protect me from pocket-dialing. For me, its more like the key lock on old dumbphones than like the pin code lock.

And since even the pin lock was trivial to bypass by law enforcement or professional criminals (you could buy special devices to unlock the phones), I don't expect that my phone has any really serious protection. I know iOS devices are harder, but I'd expect the police or serious criminals to be able to crack my Android phone in seconds. Which is ok, as long as I'm aware of it. Of course, if my phones lock does turn out to be safe, thats great.


HTC may have fixed it with the latest update:

http://www.reddit.com/r/Android/comments/1og2h8/critical_and...


Does not work on my SGS3, not sure if it is because I am using Cyanogen mod or because I have a sim pincode activated, that needs to be entered before the pattern unlock screen.


If you're using the swipe-to-unlock, you've already lost. Use a strong password, which serves as entropy for encrypting the disk (and check that option).


Did you contact HTC to help them?


Can't recreate it on my Australian HTC One with 4.2.2


Doesn't work on HTC One running Android 4.2.2




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: