4 replies to this topic

[eyecre8]

A new lock screen vulnerability with the Sony Xperia Z grants full access to the phone.

In recent weeks, multiple lock screen security holes have been discovered in the Apple iPhone 5, Samsung Galaxy S III, and Samsung Galaxy Note II. While those hacks granted limited access to the phone, a new hack has been discovered that completely exposes the Sony Xperia Z.

Like the iPhone and Galaxy vulnerabilities before it, the Xperia Z hack gains entrance to the phone through the Emergency Dialer. An Xperia Z owner exploring the software discovered that it's possible to bypass the security lock screen by entering a code to run diagnostics on the device. Pressing the home button on a particular screen will then return the user to the home screen, granting full access to the device.


Steps to reproduce:

While phone is locked press 'Emergency Call' button.

At next screen (keypad) press the following keys: *#*#7378423#*#*

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  18.83KB   14 downloads

This should bring up a Service menu. Choose 'Service Tests'

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  17.11KB   7 downloads

At the next menu, scroll down and choose 'NFC', then 'NFC Diag Test'

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  22.65KB   6 downloads

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  14.92KB   2 downloads

While the test is running, press the 'Home' button/icon (that resembles a house)

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  17.43KB   1 downloads

You should now be on the homescreen of the device = profit!

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  18.9KB   1 downloads

Sony is aware of the lock screen bypass and is working on a fix.

Via:

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content

Video tutorial here:

Please Login or Register to see this Hidden Content

!

[robocuff]

Well, this is interesting info but do you or we or whoever really have to add to the problem by publishing the steps necessary to get into the phone? Seems to me this is no different than telling somebody how to get around password security or some such thing in Windows or what have you. Give us the story, that's fine. But from where I stand (and I'm just nobody, I know) it seems the actual directions on how to do it really aren't necessary. Just my two cents worth.

[cdavid469]

Robo there are legitimate uses for this flaw. If someone decides to use it for something other than that, they are making that choice. I can tell you how to start a car without a key. It doesn'tmean I taught you how to steal a car.

[eyecre8]

Robo, I appreciate the angle and the concern. Speaking from the stance of a security professional this type of article falls under the guidelines of responsible disclosure.
The populous are entitled to know of such vulnerabilities, the ease at which they are accomplished, and what risk is exposed. It is this method and this method alone that lights fires under the manufacturers
behinds to patch the issue. If you are at all familiar with the SDLC policies of most software development companies you would know that their 'MO' is to pump out as much software in as little amount of time possible with little to no concern for secure coding. Responsible individuals will often directly notify a vendor of a new flaw or vulnerability, however, you will find that more often than not, the vendor will sit on this information and not work towards resolving (patching) the vulnerability. A fire must be lit to motivate the vendor to fix their own code.

[robocuff]

Well, I appreciate your tone in the way you came back at me. I was hoping I wasn't stepping on toes or coming off as trying to start something. It's just that I've always believed these types of things are best left unsaid. I understand what you are saying about the software companies and their views toward software and security. Still, I can't help but think there's got to be a better way. I can see no legitimate use for something like this. People getting locked out of their phone at the lock screen has to happen about as often as snow in southern Texas and if and when it does; how many of those times is a Samsung phone involved? That's about the only thing I can see it being used legitimately for and that just doesn't happen. I know, you didn't say anything about that. It's just a response to the post before yours.

i used to be a mod for a well known Windows forum. Was for many years. One of the things we never allowed was questions on how to recover logon passwords or how to circumvent them. You never know if that person is truely the owner of the computer involved or if he or she isn't. Personally, when somebody says to me "I forgot my password and can't log on" or some such thing, I always raise(d) my eyebrows. Anyway, another rule was pretty much just what we're talking about here. You can post the exploit, not the details of how to do it. I know this has nothing to do with this forum or this particular thread but it maybe gives you an idea of where I'm coming from. It's what I've always been used to, what I've always thought. I don't think it does anybody any good to spread the thing around.

I guess this is just one of those times we'll just have to respectfully agree to disagree. Hope you didn't take any offense at my post. I really meant no disrespect. This is just one of those things I couldn't keep my fat trap quiet about. HAD to say it.