Bypassing the Android PIN using fast tapping

Peter Kasza

Lock screens are still hard

Just the other day I’ve noticed that the main screen is shown on my android phone when I exit from an application that is launched while the phone is locked. In my case I can run either the camera or a note taking application by pressing a button on the back of the phone.

It turns out that during that brief period we have access to the phone and if we time our actions right, we can start programs or change settings by quickly tapping on the screen. Surely it’s a bit tedious to do so, but by fiddling around I’ve managed to enable and authorize USB debugging. Having an ADB shell, an attacker could launch malicous programs, download personal files or even root the phone.

I am using the latest android update for LG G3 (android version: 5.0, kernel 3.4.0).