Viewing a single comment thread. View all comments

twitterfluechtling t1_iw74t7q wrote

What about encrypted devices? I expect Android can't unlock the storage without the security code, so it should be logically impossible to dismiss that dialog and still start the device?

76

MindStalker t1_iw7d29x wrote

It looks like you don't need to shut down the device. So if it's already on when stolen your screwed.

40

davidemo89 t1_iw9168r wrote

You were screwed. They fixed it.

8

deserteagle_007 t1_iwahxf5 wrote

For anyone running Security patch November release. So most phones are still vulnerable besides Pixels

10

ListRepresentative32 t1_iw79osw wrote

Yes, the bypass doesnt work after a fresh reboot. On a device that was atleast once unlocked after boot, it works no problem.

22

aredna t1_iwb86ee wrote

According to his blog it also works after a reboot and that's how he found it. He later found the reboot wasn't necessary. This made it more dangerous because you need less time to get in.

3

ListRepresentative32 t1_iwbw4cy wrote

Depends on what exactly works. The lock screen dismiss works everytime, that's true. But its of any use only if the device was previously unlocked with PIN/password after boot. Otherwise the phone is still encrypted and bypassing the screen is useless(you can't access any user data)

1

Translationerr0r t1_iw7hunl wrote

That's not how I read this: they started from an unlocked state to get passed the fingerprint unlock screen. Did I miss something?

−16

Macluawn t1_iw9p8dy wrote

When a phone is rebooted, a password must be entered before touch id or face id will work.

In this context, "unlocked" doesnt mean you start from the home screen - it means the password was entered at some point since the phone was last booted up and is now in an unlocked state where touch/face id can be used.

7

Translationerr0r t1_iw7hnvf wrote

The article mentions you either run into fingerprint unlock screen (when starting from a locked screen or after restart) OR you start from an unlocked screen (which makes the hack just a waste of time as its already unlocked).

4