A word of warning for all you Android hackers and modders out there. It’s common place when messing around with custom ROMs and whatnot to check a little option inside our device’s Setting app enabling “USB debugging.” Many times this is mandatory when attempting to root a device through the use of some good old fashioned ADB, and is more or less a feature developers use when working on Android apps. Well, starting today, you might wanna remind yourself to leave that checked “off” when not in use.
According to XDA developer M.Sabra, if left enabled, someone with a little know how in the ways of ADB could easily bypass the Android pattern unlock, gain access to your device and subsequently, all the personal information therein. Funny how the FBI couldn’t figure this one out. Steps for the workaround are relatively easy and straight forward, requiring only a few lines of code to either edit some of the pattern lock values to zero, or remove the “gesture.key” function entirely. And here’s the kicker — absolutely no root is necessary for any of these steps to work.
Directions on how to get around pattern unlock can be found via the source below, and are provided as a reference for the absent minded that have locked themselves out of their own devices — not those with ill intent. Let this go to show you, there’s no such thing as full-proof security.
discomforting..
Haha this makes me laugh because I remember the news article about when the police couldn’t crack some drug dealers pattern unlock.
Perhaps he didnt tick the usb debug
That’s not funny IT WAS MY PHONE!!, nah not really but I remember that article it was funny lol good times
Google best be patchin’ that soon!
It’s not a bug. Usb debugging is not meant to be used by anyone but developers, and its not meant to be left on all the time.
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Method #1 FAIL:
1|shell@android:/data/data/com.android.providers.settings/databases $ ll
opendir failed, Permission denied
255|shell@android:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
Error: unable to open database “settings.db”: unable to open database file
Method #2 FAIL:
shell@android:/data $ ll /data/system/gesture.key
-rw——- system system 20 2012-08-11 04:51 gesture.key
shell@android:/data $ rm /data/system/gesture.key
rm failed for /data/system/gesture.key, Permission denied
(I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I’d encrypt my phone and use a passphrase instead)
NVM
Nevermind what?
I’m pretty sure root is required on any ROM to access /data/data/ or /data/system.
The pattern unlock has been exploited many times without root or any help from any software for that matter. Just requires a set of good eyes and a very good timing. Hint: smudge
Unless you don’t use a screen protector and have oily fingers. LoL!!
a good makeup brush and a nice face power, everyone has oil on their fingers…
Guess it just goes to show that, like computers, employees working for the FBI are just like any other person. Trying to solve problems and taking certain routes they believe to be the best solution but don’t always reach the correct one. And more minds at work is more effective.
A good reason for people to work together.
Both methods described in the XDA post require root. Not sure what you’re talking about…
Actually did this on my g1 a few days ago.
I couldn’t find any apps that can toggle “USB Debugging”. I use Extended Controls and HD Widgets and neither of them has that toggle.
Does anyone else know an easy way to toggle it?
Sorry. You’re going to have to make a shortcut directly to it.
In Nova Launcher (and other launchers too I suppose), you can create a Shortcut > Activity > Settings > Developer Options. Then from there, just check the ADB box on/off.
I don’t use pattern unlock so this doesn’t apply to me.
i actually have no lock on my phone and use a app lock program to protect my personal stuff. I like being able to give my phone to my nephew and let him play games. Not worry about him going into settings and messing around.
USB Debugging is now off
I’m still not concerned because almost no one will no one will know this is possible and even fewer will know how. I do think it is hilarious that the FBI couldn’t figure it out when some guy did it for fun…