YouTuber Matt OnYourScreen has discovered a pretty unsettling way to bypass all of the security on an LG V10 and potentially gain unlimited access to the device in the future. Any LG V10 running Nova Launcher is vulnerable to this attack, and all it takes is about 30 seconds of access to the device.
To be fair, the circumstances have to be pretty perfect to be able to pull off this trick on a V10. Here’s the breakdown of how it works, but bear in mind we are in no way condoning the malicious use of this work-around. Rather, we want to make it clear how easily this vulnerability can be exploited and demonstrate the steps necessary to protect your device from exploitation.
Say someone lends you their smartphone for a minute or two. Maybe they’re showing off some cool app, maybe you’ve asked to make a call… either way, all you need is a few moments in which you have access to the V10’s screen and they aren’t paying attention.
If this person isn’t running Nova Launcher, the game’s up here. This vulnerability is only known to work on this particular launcher so far, so if your quarry is operating Google Now then they are safe from your malicious intent. However, if they are running Nova Launcher, you can tap the Home button while on the main home screen, then tap the Widgets option. Add a Nova Action widget to the home screen, and then choose the activity “com.lge.fingerprintsettings”.
Pause here for a second, because this is where the vulnerability exists. Through the normal Settings menu, it’s impossible to access this particular activity before going through a security checkpoint and confirming either a fingerprint or PIN. However, since Nova is able to ignore the normal menu flow that leads to this screen, it creates a situation where a user can add their own fingerprint to the list of allowed fingerprints without ever proving that they have authorized access to the device.
The widget on the home screen will now lead directly to fingerprint settings, and you can add your own fingerprint before deleting the widget, leaving little trace of your actions. Unless the additional fingerprint is noticed and deleted by the primary user, you will have unlimited access to the device from here on out.
There is, however, a very simple fix to prevent this exploit from working. The LG V10 only supports four fingerprint profiles. Any attempts to add a fifth profile will fail. Therefore, if you want to protect this device from this vulnerability, all you have to do is scan in four fingerprints to fill up that list. Alternatively, you can use another launcher besides Nova.
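The underlying problem described above is a settings screen that another app can start directly, skipping the PIN or fingerprint checkpoint. As an added example (not from the original article, LG, or Nova), the following Python script audits an app manifest for activities that other apps can launch with no permission guard. The manifest and every name in it are constructed, and it is an assumption that the fingerprint screen was exposed in this way.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for illustration; package and activity names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.settings">
  <application>
    <activity android:name=".MainSettings" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".FingerprintEnroll" android:exported="true"/>
    <activity android:name=".LegacyLockScreen">
      <intent-filter><action android:name="com.example.settings.LOCK"/></intent-filter>
    </activity>
    <activity android:name=".ConfirmCredential" android:exported="false"/>
    <activity android:name=".AdminPanel" android:exported="true"
              android:permission="com.example.settings.permission.MANAGE"/>
  </application>
</manifest>"""


def launchable_by_other_apps(activity):
    """True if the activity is exported explicitly, or implicitly through an
    intent filter (the default when android:exported is omitted before Android 12)."""
    exported = activity.get(ANDROID + "exported")
    if exported is not None:
        return exported.lower() == "true"
    return activity.find("intent-filter") is not None


def unguarded_activities(manifest_xml):
    """Return fully qualified names of exported activities with no permission guard."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        app_perm = app.get(ANDROID + "permission")  # applies to every component
        for activity in app.iter("activity"):
            guarded = app_perm or activity.get(ANDROID + "permission")
            if guarded or not launchable_by_other_apps(activity):
                continue
            name = activity.get(ANDROID + "name", "")
            findings.append(package + name if name.startswith(".") else name)
    return findings


if __name__ == "__main__":
    for name in unguarded_activities(SAMPLE_MANIFEST):
        print("review:", name)
```

A flagged activity is not a bug by itself, since launcher entry points must be exported. Any flagged screen that changes lock credentials should either be taken off this list or re-confirm the PIN or fingerprint when it opens.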
What do you think of this security settings bypass? Is this a problem that could exist on other phones running Nova Launcher? Let us know your opinions in the comments below!
Thanks, Matt OnYourScreen!