Xperia Z security flaw allows users to bypass the lockscreen

March 25, 2013
2
75
32 23 20

xperia-z-front

Earlier today a security exploit for the Xperia Z showed up, allowing unwanted users to bypass your lock screen and gain full access to your handset. This adds Sony to the list of companies which have seen some of their handsets experience a security risk by allowing people to bypass the lock screen.

The exploit works by simply entering a number on the emergency call screen and browsing through a few settings. Entering *#*#7378423#*#* (or *#*#service#*#* if you were to replace the numbers with corresponding keypad letters) grants the user access to the service menu, which can be done on any Xperia phone.

From there if the user runs the NFC Diag Test and then proceeds to press the home button they will appear on the phone’s home screen, will full access to the rest of the device.

Usually the service menu is used to assist in diagnosing faults with a phone, and would normally return the user to the lock screen if they attempted to access the main handset, preventing unauthorized access. So the problem here isn’t with the code, but with the fact that pressing the home button works as a bypass.

Scott Reed, who initially discovered the security flaw, has posted a video of the exploit in action. He discovered the exploit whilst checking out rooting possibilities on his own Xperia Z handset.

Hopefully Sony will be onto this problem with a quick fix as soon as possible, but until then don’t let your handset out of your sight.

Comments