Motorola DROID unlock screen and Google account security flaw uncovered
Uh oh, a security flaw that allows unauthorized access to a locked Motorola DROID has been discovered rather haphazardly by desperate folks who were locked out of their phone. After 20 incorrect tries at entering the proper unlock sequence, an Android handset will lock itself, requiring the user to enter their Google account information. Sounds nice and easy, except there is a bug in older Android phones – even when you enter the proper credentials, the phone remains locked. This desperate situation led people to try all sorts of procedures to access the phone and turn off or change the unlock sequence. Astonishingly, someone realized that you could hit the back button during a phone call and access not only the homescreen but everything else on the phone. As long as the call is connected, the user has almost unfettered access to your supposedly locked phone. Thankfully, once the call is ended, the phone reverts back to the unlock screen and you need to enter the unlock sequence or Google account information to access the phone again. Gaining access to a locked phone by a mere phone call is bad enough but another more devious action can change your phone’s Google account and its lock sequence without your knowledge or consent. Hit the jump for the details.
To make matters worse, another person discovered that you could turn on WiFi and add a new Google account to the phone during that short time of unlimited access when the phone is in a call (as described above). Once the phone call ends, you return back to the home screen and can attempt to enter an incorrect lock code 5 times. The handset will warn you and a “did you forget your pattern” box appears at the bottom of the screen. Click on that link, enter in the credentials for the newly added Google account and voila, you can reset the unlock sequence and gain full access to the phone. A thief who had stolen your DROID (or your friend who had lifted it while you were sleeping) can easily gain full access to your phone, reset the unlock sequence, and completely shut you out.
via TechCrunch and Google
Just tested this on my g1 and it worked! Holy crap that sucks. And I have all my personal info on this this thing. They better fix this.
I don’t use the lock feature on mine, but then again I don’t let people wander off with my phone and I practically sleep with my phone….lol. But seriously….this is disturbing. What next? I have been finding the odd app on the market for antivirus protection etc. Are we already at the stage where we need to clog up our memories with antivirus software because we can be expecting viruses on our phones now?
thats not true i just tried this on my droid eris and i wouldnt let me in during a call
I was locked out of my phone today for some strange reason. I plugged my phone in last night and put on my dresser. When I turned it on this morning it was asking for my Google Account Name and Password. After several frustrating attempts I started searching and came across this page. It works! Kind of scary, but it works! The only other alternative was to do a hard reboot and loose everything on my phone that was installed (not cool).
Does the emergency call have to be to 911 because i have tryed to call other numbers and they dont work
Okay… I sat at home for hours doing this over and over, but somehow it never worked the only thing i was able to do is get into my contacts and send a text message. Until tomorrow I’m having to go without a phone because of the stupid Droid eris, will not alow me to get on to my phone and do what I need to do, I’m thinking about changing my phone to either the chocolate touch or something else because so far I do not like this phone one bit. So for everyone about to buy a Droid Eris, don’t because you will spend more time at verizon than you will getting to use your phone:/
I had ther same problem, just fixed it…create another gmail account online, its just temporary so put a bunch of fake information. call your phone from another phone, answer it but dont hang up…on your phone press the clear button, it will take you into your phone…go to settings, then to account settings and add another gmail account…dont sync anything from this account to your phone…after it is added, restart your phone and log in with this other account on your phone…after logged in, go back into settings, select that account, and remove it…i suggest then turning off the lock pattern so that this does not happed again…very frustrating…if you have any questions hit me up at hudbran@gmail.com
i tried it and i cant unlock my damn phone ugh 4 days without it
Did not work for me. When I hit back button during a received call, I can see my lock screen picture and time, but when I drag it down it wont let me. The screen is flashing back and forth from the call and lock screen picture and time. I sometimes have enough time to drag down the screen but it will not drag down.
brian at hudbran@gmail.com
thank you so much it totally worked! i was so afraid i would have to hard reset my phone…thank to u, nope don’t have to. no more security lock for me.
thank u thank u thank u
I have a question I have bought a Motorola Android i1 Boost phone today off of ebay. The only problem is the phone is locked. How do I get the phone unlocked if I have never had it activated. Can it be activated while locked? what procedure would I have to go through, I want to make sure there is nothing on the phone as if I was getting it brand new. Is that possible?