Android Security Advisory: How To Keep Pattern Lock Secure

Pattern locking your Android can be a convenient way to help keep it secure, even if the phone should fall into the wrong hands. However, while a pattern lock is a whole lot more reliable than a face-based lock, there are still ways to get around it, as discussed in a recent XDA-Developers thread. Luckily, there are a few simple steps you can take to help keep your phone a whole lot safer.

There are multiple methods an attacker could use to try bypassing a pattern lock once he had physical possession of the phone, but all work by modifying the phone’s settings database while the handset is still locked. One way an attacker could do this is by connecting to your phone and running the Android Debug Bridge. So, the first way you can help protect your phone is by disabling USB debugging (or just not enabling it in the first place).

Even if you have debugging enabled, you’re not necessarily insecure; the attacker will still need the permissions to modify the database. Some manufacturers have their phones configured so that just ADB access alone will be sufficient, while the attack requires that you’re phone’s been rooted in other cases; not rooting your phone is the other big step you can take to help keep it safe from prying eyes.

Without root, and especially without USB debugging, you’re safer, but not completely out of the woods. If you have a custom recovery installed, an attacker may be able to boot into that and mount the partition holding the needed data, before modifying it to disable the lock.

In all likelihood, you’ve got a better chance of needing to use one of these attacks to get into your own phone after forgetting the pattern than having some bad guy try to steal all your data, but it can’t hurt to be aware of the vulnerabilities, all the same.

Source: XDA-Developers forum
Via: The Droid Guy

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!