Easily Crack Android’s Pattern Unlock, No Root Required

by Ed Caggiani on
tagged , , , ,

Hey modders, devs, and hackers! You know how you keep that “USB Debugging” option checked in settings? Sure, it’s useful when you need to root a device or test an app you’re developing, but you might want to consider unchecking it when not using it.

XDA developer M.Sabra says that anyone with a little ADB knowledge can easily hack Android’s pattern unlock, essentially getting access to your entire device. Apparently it’s not that difficult to do either. Root isn’t even required.

We won’t go into detail here on how to do it, but hit the source link to find out how easily your phone can get hacked if you lose it. Don’t believe your pattern gives you total protection.

source: xda

FBI locked out by Android pattern lock

by Chris Stewart on
tagged , , ,

 

Android security tends to be a popular subject of discussion when looking for an area to criticise Android. Whether it be the much maligned Face Unlock or long-standing Pattern Lock, many tech sites enjoy nitpicking at every available opportunity. There is however one major organisation who might just disagree with the naysayers, the FBI.

Dante Dears, a San Diego based pimp was recently released from prison after serving time for trafficking prostitutes. Dears immediately violated the term of his parole by owning a cell phone which informants claim he was using to continue his pimping remotely. Naturally the FBI seized the phone and it was then that the problems began.

Dears refused to unlock the phone so the FBI promptly sent it off to the Computer Forensics Lab. Technicians at the lab succeeded only in locking the phone after too many unsuccessful unlock attempts. The phone then prompted the technicians for Dears’ Google login details which , of course, he refused to hand over. At this point the FBI had little option but to head cap-in-hand to Google to request the information. A warrant was served that asked Google for the following information :

  • The subscriber’s name, address, Social Security number, account login and password
  • “All e-mail and personal contact list information on file for cellular telephone”
  • The times and duration of every webpage visited
  • All text messages sent and received from the phone, including photo and video messages
  • Any e-mail addresses or instant messenger accounts used on the phone
  • “Verbal and/or written instructions for overriding the ‘pattern lock’ installed on the” phone
  • All search terms, Internet history, and GPS data that Google has stored for the phone

Google responded with the following statement : “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.”

How is it the phrase goes? “Pimpin’ ain’t easy”, well it seems that advances in mobile technology inadvertently made it a little easier. It goes without saying that TalkAndroid absolutely does not condone the behaviour of Dears although it is reassuring to know that the average Android owner is well protected. Perhaps the FBI will be hoping that the adoption of Ice Cream Sandwich brings an increase in Face Unlock usage, at least then they might be able to get into the phone with mugshot photos.

 

source : ars technica

Your finger smudge could be your downfall

by Chris Moor on
tagged , ,

According to researchers at the University of Pennsylvania, your fingerprints may be your downfall when it comes to your lock screen password. They have found that when you use the Android pattern unlock (the one that requires you to swipe your fingers through dots) your finger leaves oil residue on the screen. The reason this is alarming is because if you take a photo of the screen, then increase the contrast of the photo, the patterns become visable. Android 2.2 solves this problem by allowing you to use passwords requiring numbers or letters, but for our friends on 2.1 and below, beware.
Are you concerned about this? Tell us what you think in the comments.
[via eSecurity Planet]