Feb 12th, 2016

Well, here’s a very interesting way to bypass phone security. One YouTuber  — going by Matt OnYourScreen — who happens to own an LG V10 has found a way to get into a fingerprint-protected LG V10 using their own fingerprint.

The video above explains the workaround in detail, but in case you can’t watch it involves using custom launchers like Nova Launcher to place an activity widget to LG’s fingerprint enrollment app on the home screen. Doing this will prompt a user to add a fingerprint to the device for future authentication.

LG V10

Nothing immediately sounds fishy there, except the fact that the system would usually ask for your PIN or fingerprint authentication to add a new fingerprint — this method doesn’t ask you for anything. If you go through with adding a fingerprint, you’ll find that you can unlock the device with that fingerprint at a later date despite the fact that the original owner’s fingerprints are also on the device.

We should note that this method does require someone to already have access to the phone beyond the lock screen. That’s a bit more comforting, but that does nothing for someone who may be lending their phone to someone who needs to make a phone call or look something up

There are a couple of different obvious ways you can prevent this right now:

  • Don’t let anyone use your phone.
  • Don’t use a custom launcher.

Of course, those may not be desirable options for you. Thankfully we do know that the LG V10 allows a maximum of 4 fingerprints, so the best way to prevent this is to make sure you register all 4 slots to ensure none can be added (as the trick shown in the aforementioned video would then fail).

For what it’s worth, we tried this method on a couple of other Android phones with fingerprint scanners, and their fingerprint enrollment activities failed to launch when we tried it, so it’s likely to be something that LG overlooked in their own firmware.

It’s something we’re sure LG will be looking to fix in the very near future. It’s a very serious vulnerability that only needs a tiny bit of social engineering to pull off, and those often prove to be the most devastating kind. Be sure to prevent this from happening to you while we wait for word from LG.

Thanks Matt!

local_offer    LG  LG V10  security