Friday, February 5, 2010

Android Security lockbypass

Intro:

At the risk of letting every user into my Sprint HTC Hero Android version 1.5 phone I am going to publish the steps that allow a user to get past the lock screen that is deployed with the phone.

This is not a full-fledged hack, but it is more a temporary way to gain access to the device, get the information you need and then leave it with no trace.

When you lock the Android you will notice that you can't access the notifications and the only thing that you can do is make emergency calls or enter a passcode pattern. This tutorial will show you how to enter the phone through those basic notifications just by calling the phone.


Walkthrough:
First you will need the phone and the ability to text, call and/or email the person with the Android device. You would have to use whatever means needed (endings of emails, websites, phone books etc.) to find out their cell phone number.

The goal is to get a "missed call" or "new text" icon to appear on the top status bar; this will serve as your entry point into the back end of the phone.

Step 1 - Place a Missed call or Text on the Android
With the phone locked, call the phone from another number. Do not answer the call; you want the missed call to show up in the status bar at the top. I would recommend that you use *67 before calling the phone number to conceal the source but once you have access you can easily delete the record anyway.

Note: Know that Sprint logs all calls to their devices, as do many other carriers. Using a VoIP phone or Google Voice could work well to preserve the anonymous connection. Alternatively you could send an SMS message, email, or other notification that you know will show up on the phone.

Step 2 - Place call and access phone
After leaving a missed call on the phone, call the Android again. This time answer the call on the Android device, leaving both phones on the hook to keep an open connection going.
Next, while the call is in progress, slide the notifications bar down. This time it will work, unlike when the phone was locked.

Pressing the missed call notification will allow you access to all past phone calls (left).



Step 3 - Begin traversing through phone
From the call history screen (right) you can see that there are buttons to access the list of contacts on the Android. By using these buttons I was able to do the following:
  • View most contacts' current Facebook activity
  • Send and view recent texts
  • Make new calls and view all call history
  • Open browser and access sites with "remember me" checked, triggered by opening text containing a URL
Limitations to this hack would include the following terms and conditions (which you may agree to by checking the radio box included below).

Agree Disagree
  • You need access to the phone physically (physical hack)
  • You need to know the person's phone number (social hacking)
  • Hitting the home button will cause you to leave the screen and require you to execute steps 1-3 to get back in.


Conclusion:
In order to prevent someone from gaining access to the information on your phone, keep it on you at all times or use a third-party app such as Wavesecure or Mobile Defense (both found in the Android Market). Wavesecure lets you lock, delete, backup and locate your phone through their website, while Mobile Defense allows you to view multiple devices' locations and stats all on one website.