GET THE APP:  CURRENTLY HOT:   Android Fire TV Fire TV Forums HTC One M8 Moto 360

Android’s Pattern Unlock Easily Cracked Without Root, And Only A Little ADB

A word of warning for all you Android hackers and modders out there. It’s common place when messing around with custom ROMs and whatnot to check a little option inside our device’s Setting app enabling “USB debugging.” Many times this is mandatory when attempting to root a device through the use of some good old fashioned ADB, and is more or less a feature developers use when working on Android apps. Well, starting today, you might wanna remind yourself to leave that checked “off” when not in use.

According to XDA developer M.Sabra, if left enabled, someone with a little know how in the ways of ADB could easily bypass the Android pattern unlock, gain access to your device and subsequently, all the personal information therein. Funny how the FBI couldn’t figure this one out. Steps for the workaround are relatively easy and straight forward, requiring only a few lines of code to either edit some of the pattern lock values to zero, or remove the “gesture.key” function entirely. And here’s the kicker — absolutely no root is necessary for any of these steps to work.

Directions on how to get around pattern unlock can be found via the source below, and are provided as a reference for the absent minded that have locked themselves out of their own devices — not those with ill intent. Let this go to show you, there’s no such thing as full-proof security.

[XDA]




  • http://twitter.com/Aleis Jayrock

    discomforting..

  • itmustbejj

    Haha this makes me laugh because I remember the news article about when the police couldn’t crack some drug dealers pattern unlock.

    • Victor Ng

      Perhaps he didnt tick the usb debug

    • onpoint G

      That’s not funny IT WAS MY PHONE!!, nah not really but I remember that article it was funny lol good times

  • DavidVarghese

    Google best be patchin’ that soon!

    • Big_EZ

      It’s not a bug. Usb debugging is not meant to be used by anyone but developers, and its not meant to be left on all the time.

  • https://plus.google.com/108596272537415356460/posts Jason Farrell

    FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.

    Method #1 FAIL:
    1|shell@android:/data/data/com.android.providers.settings/databases $ ll
    opendir failed, Permission denied
    255|shell@android:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
    Error: unable to open database “settings.db”: unable to open database file

    Method #2 FAIL:
    shell@android:/data $ ll /data/system/gesture.key
    -rw——- system system 20 2012-08-11 04:51 gesture.key
    shell@android:/data $ rm /data/system/gesture.key
    rm failed for /data/system/gesture.key, Permission denied

    (I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I’d encrypt my phone and use a passphrase instead)

    • http://twitter.com/SpamStream lolwut

      NVM

      • https://plus.google.com/108596272537415356460/posts Jason Farrell

        Nevermind what?

    • ShaunOfTheLive

      I’m pretty sure root is required on any ROM to access /data/data/ or /data/system.

  • juiceandberries1

    The pattern unlock has been exploited many times without root or any help from any software for that matter. Just requires a set of good eyes and a very good timing. Hint: smudge

    • No_Nickname90

      Unless you don’t use a screen protector and have oily fingers. LoL!!

      • http://twitter.com/snarkybunny42 SnarkyBunny

        a good makeup brush and a nice face power, everyone has oil on their fingers…

  • Brian S.

    Guess it just goes to show that, like computers, employees working for the FBI are just like any other person. Trying to solve problems and taking certain routes they believe to be the best solution but don’t always reach the correct one. And more minds at work is more effective.

    A good reason for people to work together.

  • Scott Kennedy

    Both methods described in the XDA post require root. Not sure what you’re talking about…

  • Jnewell05

    Actually did this on my g1 a few days ago.

  • Neil Boyd

    I couldn’t find any apps that can toggle “USB Debugging”. I use Extended Controls and HD Widgets and neither of them has that toggle.
    Does anyone else know an easy way to toggle it?

    • No_Nickname90

      Sorry. You’re going to have to make a shortcut directly to it.

    • Jaymoon

      In Nova Launcher (and other launchers too I suppose), you can create a Shortcut > Activity > Settings > Developer Options. Then from there, just check the ADB box on/off.

  • Ivan Samuelson

    I don’t use pattern unlock so this doesn’t apply to me.

  • lost_man10002

    i actually have no lock on my phone and use a app lock program to protect my personal stuff. I like being able to give my phone to my nephew and let him play games. Not worry about him going into settings and messing around.

  • Rick Maldonado

    USB Debugging is now off

  • feztheforeigner

    I’m still not concerned because almost no one will no one will know this is possible and even fewer will know how. I do think it is hilarious that the FBI couldn’t figure it out when some guy did it for fun…