News

Android’s Pattern Unlock Easily Cracked Without Root, And Only A Little ADB

23

A word of warning for all you Android hackers and modders out there. It’s common place when messing around with custom ROMs and whatnot to check a little option inside our device’s Setting app enabling “USB debugging.” Many times this is mandatory when attempting to root a device through the use of some good old fashioned ADB, and is more or less a feature developers use when working on Android apps. Well, starting today, you might wanna remind yourself to leave that checked “off” when not in use.

According to XDA developer M.Sabra, if left enabled, someone with a little know how in the ways of ADB could easily bypass the Android pattern unlock, gain access to your device and subsequently, all the personal information therein. Funny how the FBI couldn’t figure this one out. Steps for the workaround are relatively easy and straight forward, requiring only a few lines of code to either edit some of the pattern lock values to zero, or remove the “gesture.key” function entirely. And here’s the kicker — absolutely no root is necessary for any of these steps to work.

Directions on how to get around pattern unlock can be found via the source below, and are provided as a reference for the absent minded that have locked themselves out of their own devices — not those with ill intent. Let this go to show you, there’s no such thing as full-proof security.

[XDA]

Chris Chavez
I've been obsessed with consumer technology for about as long as I can remember, be it video games, photography, or mobile devices. If you can plug it in, I have to own it. Preparing for the day when Android finally becomes self-aware and I get to welcome our new robot overlords.

Samsung: Over 10 Million Galaxy Notes Sold Worldwide

Previous article

Verizon’s Galaxy S3 Bootloader Finally Unlocked – Let The Fun Begin

Next article

You may also like

23 Comments

  1. discomforting..

  2. Haha this makes me laugh because I remember the news article about when the police couldn’t crack some drug dealers pattern unlock.

    1. Perhaps he didnt tick the usb debug

    2. That’s not funny IT WAS MY PHONE!!, nah not really but I remember that article it was funny lol good times

  3. Google best be patchin’ that soon!

    1. It’s not a bug. Usb debugging is not meant to be used by anyone but developers, and its not meant to be left on all the time.

  4. FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.

    Method #1 FAIL:
    1|shell@android:/data/data/com.android.providers.settings/databases $ ll
    opendir failed, Permission denied
    255|shell@android:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
    Error: unable to open database “settings.db”: unable to open database file

    Method #2 FAIL:
    shell@android:/data $ ll /data/system/gesture.key
    -rw——- system system 20 2012-08-11 04:51 gesture.key
    shell@android:/data $ rm /data/system/gesture.key
    rm failed for /data/system/gesture.key, Permission denied

    (I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I’d encrypt my phone and use a passphrase instead)

    1. I’m pretty sure root is required on any ROM to access /data/data/ or /data/system.

  5. The pattern unlock has been exploited many times without root or any help from any software for that matter. Just requires a set of good eyes and a very good timing. Hint: smudge

    1. Unless you don’t use a screen protector and have oily fingers. LoL!!

      1. a good makeup brush and a nice face power, everyone has oil on their fingers…

  6. Guess it just goes to show that, like computers, employees working for the FBI are just like any other person. Trying to solve problems and taking certain routes they believe to be the best solution but don’t always reach the correct one. And more minds at work is more effective.

    A good reason for people to work together.

  7. Both methods described in the XDA post require root. Not sure what you’re talking about…

  8. Actually did this on my g1 a few days ago.

  9. I couldn’t find any apps that can toggle “USB Debugging”. I use Extended Controls and HD Widgets and neither of them has that toggle.
    Does anyone else know an easy way to toggle it?

    1. Sorry. You’re going to have to make a shortcut directly to it.

    2. In Nova Launcher (and other launchers too I suppose), you can create a Shortcut > Activity > Settings > Developer Options. Then from there, just check the ADB box on/off.

  10. I don’t use pattern unlock so this doesn’t apply to me.

  11. i actually have no lock on my phone and use a app lock program to protect my personal stuff. I like being able to give my phone to my nephew and let him play games. Not worry about him going into settings and messing around.

  12. USB Debugging is now off

  13. I’m still not concerned because almost no one will no one will know this is possible and even fewer will know how. I do think it is hilarious that the FBI couldn’t figure it out when some guy did it for fun…

Leave a reply

Your email address will not be published. Required fields are marked *

More in News