
Bypassing the HTC One lockscreen during restart - youssefsarhan
http://blog.sefsar.com/critical-android-lockscreen-bypass
======
PetrolMan
I can't reproduce this on stock Android. I'd also like to see what happens
shortly afterwards. The video cuts off a bit abruptly and I'm curious to see
if you can maintain access or whether it kicks you back out to the lock
screen after initialization is complete.

The text was also changed just a minute ago to remove a plug for HyperCube.
The original text included something along the lines of "Clearly there are big
problems with Android, which is why we started HyperCube..."

------
Danieru
Could a mod amend the title so it mentions the vulnerability is in HTC's
Android distro and not AOSP?

------
iamben
This is more of an HTC problem than an Android one, right? Calling it Android
is a little misleading.

As an aside, I'm so glad to have stock Android - I really don't miss the days
of all the vendor and network 'extras'.

------
wlk
There are many errors in Android security, this is one that I have found:
[https://www.youtube.com/watch?v=nkdbMv0lNMc](https://www.youtube.com/watch?v=nkdbMv0lNMc)

(TLDR: just remove your SIM card when screen is off to unlock, works on
Android 4.0.3 with Acer Iconia Tab A511)

Edit: I wonder if someone with tablet could try to reproduce that?

~~~
cstrat
Odd bug, must be a SIM related PIN on the device...

------
Oletros
This is not critical Android Lockscreen Bypass, this is HTC One Lockscreen
Bypass

------
sjm-lbm
I was unable to reproduce this using a Sprint HTC One running the newest
software release (Android 4.3, HTC SW Version 3.04.651.2) - admittedly, timing
does seem tight, but I tried it several times before giving up.

It'd be interesting to know if this is just something that HTC has already
fixed, or if it is somehow related to a carrier-specific modification.

------
captainmuon
I never saw the lock screen as a serious protection mechanism, but more like a
screensaver, mainly to protect me from pocket-dialing. For me, it's more like
the key lock on old dumbphones than like the pin code lock.

And since even the pin lock was trivial to bypass by law enforcement or
professional criminals (you could buy special devices to unlock the phones), I
don't expect that my phone has any really serious protection. I know iOS
devices are harder, but I'd expect the police or serious criminals to be able
to crack my Android phone in seconds. Which is ok, as long as I'm aware of it.
Of course, if my phone's lock does turn out to be safe, that's great.

------
devx
HTC may have fixed it with the latest update:

[http://www.reddit.com/r/Android/comments/1og2h8/critical_and...](http://www.reddit.com/r/Android/comments/1og2h8/critical_androidhtc_one_lockscreen_bypass/)

------
AtlasLion
Does not work on my SGS3, not sure if it is because I am using Cyanogen mod or
because I have a sim pincode activated, that needs to be entered before the
pattern unlock screen.

------
gregoryw
If you're using the swipe-to-unlock, you've already lost. Use a strong
password, which serves as entropy for encrypting the disk (and check that
option).

------
Zhenya
Did you contact HTC to help them?

------
dredwerker
Can't recreate it on my Australian HTC One with 4.2.2

------
philtar
Doesn't work on HTC One running Android 4.2.2

