Not sure if this is well known or not but if you lose your android phone and think that your 4 digit lock screen password is going to cut it, you may be wrong. I realize that most people here know multiple ways to get access to a device but I haven't seen this way before and thought it was unique.
A 4 digit password can be brute force hacked in 16.5 hours, using the USB rubber duckie developed by the guys at Hak5.
They have a detailed video posted over at: http://hak5.org/episodes/hak5-1217
It works because android doesn't implement longer wait times between unsuccessful pin entries. Every 5 tried it locks you out for 30 seconds. That's it! That's all! Every 5 times, 30 seconds over and over again! It never gets longer! Thus why it takes 16.5 hours to go from 0000 to 9999 with one second between attempts, and 30 seconds between every 5 attempts.
Hopefully this gets fixed in the next version of android. For comparison, BlackBerry has a 10 password rule and the phone gets wiped and Apple makes successive longer wait times and will ultimately lock itself and need to be plugged into the original syncing computer (I believe, not really a big Apple fan, so I don't know for sure)
Thanks for this information
The difference in the time it takes to break a 5 digit pin or a 10 digit pin is cRaZy
Sure, the wait times should be "smarter" - but if you're keeping TRULY sensitive information on your phone, just use a real password to unlock it, not a PIN.
Or, perhaps a solution in the spirit of Android would be to let people decide for themselves how they want it implemented. Some people wouldn't care and wouldn't want their data to be wiped after ten wrong tries - I mean, wow - that would suck if someone knew that and wanted to be malicious and wipe your phone for the lulz or whatever. Or if you wanted to let a kid play with it - which I've read a lot of people do (beats me, but hey). Other people who need tighter security could choose that.
Any tips on how to bypass or brute force the android pattern lock?
After a certain number of tries, Android will not allow you to unlock via PIN, and force you to enter a Google account registered on the phone.
Hacker can't get past that unless they know whose Google account is on the phone, and then they have to hack a Google account
Sent from my DROID2 using xda premium
I have never thought the android lock screen was any good if im honest. if you have a dirtyish screen you can actually see the pattern you draw.
Sent from my Nexus 7 using xda app-developers app
What gagdude said, after so many failed attempts you need to login via your associated Google account.
Ty for sharing
Sent from my MK16i using xda app-developers app
Hmmmm interesting, wonder how long it would take for the pattern method of unlocking.
xillusionzx said:
Hmmmm interesting, wonder how long it would take for the pattern method of unlocking.
Click to expand...
Click to collapse
Depends. A 4 digit PIN is 10*10*10*10=10000
A pattern can be from 9*8*7*6 to 9! possibilities
Sent from my Nexus 4
Hi!
I just think PIN is unuseful. I was cheated by one of my friend because he discovered the PIN of my phone. I give my phone to nobody no more. Now I have a phone without protection: it is more comfortable!
Put any password /pin, u can just boot into recovery, do a factory reset and it's all gone! Right? (in case of theft I'm talking about)
Thanks for the heads up, my mother in lay asked this about her new Note II today.
Lifehacker7 said:
Put any password /pin, u can just boot into recovery, do a factory reset and it's all gone! Right? (in case of theft I'm talking about)
Click to expand...
Click to collapse
As if someone who actually goes low enough to steal know what recovery is.
What I'm trying to say here us that the average person doesn't know what recovery is.
Sent from my Nexus 4
gagdude said:
As if someone who actually goes low enough to steal know what recovery is.
What I'm trying to say here us that the average person doesn't know what recovery is.
Sent from my Nexus 4
Click to expand...
Click to collapse
Just sayin!
Lifehacker7 said:
Just sayin!
Click to expand...
Click to collapse
I know; I used to worry about this until I asked my friend about it and he was like "what's recovery? Stop being a nerd." And then it hit me: people don't know what it even is, much less how to boot into it
Sent from my Nexus 4
Yeah, but all but the dumbest theives have the wits to Google search If they have an issue that's in the way of turning a profit (like a lock screen). It's occupational information even if it's not known to "normal" people. You know, like lock picking, hot wiring, et cetera. Not all theives are rock-stupid - and maybe some are, and but they're stealing phones they can't sell at low costs/for meth to someone who in fact does know how to make these devices much more profitable.
Sent from my Transformer TF101 using xda app-developers app
If someone steals my phone he can just flash a new rom on it.
No need to brute force the password/pin unless he's after my personal info/my messages.
Related
You have until tomorrow to download wave secure for android and get a free lifetime account for whatever phone (sim) you put it on! Go and get now!
I'd love to but I still cannot activate because I dont have text messaging on my phone, it does not work with google voice messages
Posted on their forum, its a known issue.
Gr8gorilla said:
You have until tomorrow to download wave secure for android and get a free lifetime account for whatever phone (sim) you put it on! Go and get now!
Click to expand...
Click to collapse
Thanks, planned on signing up at some point but just did it now while it's free
Thanks for the heads up. Just signed up, it was easy as pie. Already have my SMS backed up and tried the remote location feature - it was accurate within a block, which was impressive. Can't beat the price, too!
Had it for a while.. cannot stress how awesome it is, get it while you can!
Rusty! said:
Had it for a while.. cannot stress how awesome it is, get it while you can!
Click to expand...
Click to collapse
+1
everyone I know with android devices went and signed up after I gave them a quick demo.
If you uninstall this, then you're screwed? Can you ever get it back?
as far as I know signing up on the site sets up an account that is good for whatever sim you registered.
Also there is a an app on the market now that locks down your phone if wave secure is uninstalled! even more protection for your device.
You may not get the phone back but at least whoever steals it cant use it either.
dmo580 said:
If you uninstall this, then you're screwed? Can you ever get it back?
Click to expand...
Click to collapse
If you mean as far as the free account goes, as long as you have created your account on phone and website, should be able to reinstall at any time.
Well they can hard reset, but a random thief/finder may not know that.
I have the uninstall protection.
AWESOME.
*downloads*
Rusty! said:
Well they can hard reset, but a random thief/finder may not know that.
I have the uninstall protection.
Click to expand...
Click to collapse
wouldn't that be the same as a remote with wave secure? I guess if they wiped the phone as soon as they stole it before you had a chance to lock it down. Once its locked they can't reset, or is there some other way to reset that I am not aware of?
Reset via the bootloader, indefensible.
How does this program compare to Mobile Defense? I have that installed on my N1 right now, but if people here like Wave Secure more, I might make the switch over. Thanks!
Get it while it's free and decide for yourself... you don't have to use it if you prefer Mobile Defence
Gr8gorilla said:
wouldn't that be the same as a remote with wave secure? I guess if they wiped the phone as soon as they stole it before you had a chance to lock it down. Once its locked they can't reset, or is there some other way to reset that I am not aware of?
Click to expand...
Click to collapse
Pull the battery?
Thanks for letting us know. It would be shame to miss a life time subscription on this.
That being said... i'm a bit disappointed with it. Location service is really bad... all it does it show your phone at the closest tower. It showed my phone almost a half a mile away. No way I would ever find it. Also, any command issued seems to take forever, or, as I just saw, not work at all "Your phone failed to lock". The first time it locked but took an abnormal amount of time (their words). I'm guessing its the fact that its a Singapore SMS coming into AT&Ts network.
None the less, it can only get better. Thanks again.
legend1222 said:
Pull the battery?
Location service is really bad... all it does it show your phone at the closest tower. It showed my phone almost a half a mile away. No way I would ever find it.
Click to expand...
Click to collapse
Sounds like it couldn't get location from your GPS and failed back to cell tower location. When I do it sitting in my house it shows a a circle no bigger then my property centered on my house on google maps!
Thanks for the heads up! *downloads*
What he said ^
Awsome! I did this without even knowing! :d
I've been thinking about removing the security pin on my phone so I just slide to unlock instead of requiring a pin.. I have motoblur and can remotely wipe the phone if I lose it (if someone doesn't find it and remove sim first ) the reason is im just sick of putting my pin in all the time.. I don't keep any major personal information on the phone.. the worst thing would be access to any cached emails or txt mags if found by a not nice person.. any major security issues I might not be thinking of? Do you require a pin or not? And why?
Sent from my MB860
No thoughts?
Sent from my MB860
I've never used a lock pattern or pin. I use another security device that came free with my pants: my pocket.
Just keep track of your belongings.
iwasapirate said:
I've never used a lock pattern or pin. I use another security device that came free with my pants: my pocket.
Just keep track of your belongings.
Click to expand...
Click to collapse
+ 1
Ten char
Sent from my ADR6300 using XDA App
iwasapirate said:
I've never used a lock pattern or pin. I use another security device that came free with my pants: my pocket.
Just keep track of your belongings.
Click to expand...
Click to collapse
Second that. Sercurity is important, but putting in a pattern or pin everytime would get extremely old/annoying.
I also thought about the pin, but decided it would be too much everytime I want to use the phone, but I suppose once you set it up you would get used to it like anything else.
How many times a day to you wake up your telly? lol thats alot of pin entering.
In July 2011, my Nexus S was stolen. I went to the police but they said they probably couldn't recover the device. So I just kinda let it go.
Well, a few weeks ago I found out the the phone was still connected to my Market account. This provides a bit of a security concern because I've got my credit card on my market account too, but they haven't bought anything. Just for fun, I decided to download and install Plan B to the phone, and within a few hours, I got four emails of the phone's location within 15 meters. Well, I didn't have time to bring that to the police, and that was eleven days ago. So I have a few questions:
1. I want to be able to get a more recent location because I'm afraid the police will say the location is too many days old. I know you can text "locate" or whatever to the phone but it's not my number anymore. (I know this because on my market account it says it's an AT&T phone whereas I'm on T-Mobile.)
2. Is there any way at all to remote remove the app and re install it?
3. Is there another app similar to Plan B that I can do the same thing?
4. Is there anything else I can do?
-Matthew
That really sucks. I know Lookout had an option on their site to collect the location through the internet, no phone number required. Don’t know if it's 100% sure, but it's worth a shot. Really hope you get your phone back. Good luck!
Sent from my Nexus S using xda premium
flodb113 said:
That really sucks. I know Lookout had an option on their site to collect the location through the internet, no phone number required. Don’t know if it's 100% sure, but it's worth a shot. Really hope you get your phone back. Good luck!
Sent from my Nexus S using xda premium
Click to expand...
Click to collapse
I never installed the Mobile Security app. :/ So I don't know if that would help me. Thanks though!
mattjorgs said:
I never installed the Mobile Security app. :/ So I don't know if that would help me. Thanks though!
Click to expand...
Click to collapse
You should be able to login to your Google voice account and see which number it now forwards to. Assuming you had it on the phone and they did set it up. If not you can just text to your Google voice number and it should go through.
I don't have Voice to forward to any phone. :/ Darnit!
Hang on. You used Plan B, you got the location of your missing phone... and then did NOTHING?
DirkGently said:
Hang on. You used Plan B, you got the location of your missing phone... and then did NOTHING?
Click to expand...
Click to collapse
It was during a busy week. :/ Last week of school before break, billions of projects and tests. :s
I did talk to my dad about it (ex-cop) and he said they'd probably say it isn't enough to get a search warrant to get it or anything...
Um by any chance did you use latitude? All you need then would be a friend's phone and it would be like a gps to your phone
Sent from my Nexus S using XDA App
aic719 said:
Um by any chance did you use latitude? All you need then would be a friend's phone and it would be like a gps to your phone
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
Never used Latitude. Not sure if any of my friends even use it. I'm like a hardcore geek compared to those gamers. xD
Hey, guys
I am Android developer & recently I have launched an app which Intelligently locks & Unlocks your device using various sensors.
The name of app is Cover Algorithm.
Edit: Now, name changed to Automaton.
So, I wanted to design my app to use special /extra Sensors like Infra-red, proximity, etc.
So, I need to help of S4 users / developers to find any way to use those sensors programmatically to make my app better.
This thread will help all, possibility to use S4 sensors in CyanogenMod & lot more
Sent from my SGS3
Waiting for reply guys
Sent from my SGS3
This is interesting. Brainstorming Is needed to help out
Sent from my GT-I9505 using Tapatalk 4 Beta
Samsung probably have APIs for those sensors...
Sent from my GT-I9505
theo80 said:
Samsung probably have APIs for those sensors...
Sent from my GT-I9505
Click to expand...
Click to collapse
I had searched their dev site.
But, didn't found anything.
Would be great if they have or release API for it.
Sent from my SGS3
Hi, from a developer point of view do you think the app will be commercially viable?
Since it will cauwe so many battery drains
Sent from my GT-I9500 using xda premium
Shake it, baby!
I think I could use a "shake-to-lock" feature as well a "hold X button & shake-to-unlock" feature when the phone is locked using a password, a pin or even a pattern.
Just my 2c...
chintz24 said:
Hi, from a developer point of view do you think the app will be commercially viable?
Since it will cauwe so many battery drains
Sent from my GT-I9500 using xda premium
Click to expand...
Click to collapse
Yep, did you tried my app it doesn't even consume any battery.
So, why can't this
Sent from my SGS3
msxDr0id said:
I think I could use a "shake-to-lock" feature as well a "hold X button & shake-to-unlock" feature when the phone is locked using a password, a pin or even a pattern.
Just my 2c...
Click to expand...
Click to collapse
Thanks, the first feature is already present just the 2nd is great idea.
Thanks for your idea.
Just, post your real name. So, that I could add it in credits when my app will that 2nd feature you said.
Sent from my SGS3
Don't make it obvious
No prob, enjoy
What I do really believe is that the unlock feature shouldn't be noted anywhere as it would totally invalidate the locking feature itself, it has to be the owner's 'little secret'!
Cheers.
msxDr0id said:
No prob, enjoy
What I do really believe is that the unlock feature shouldn't be noted anywhere as it would totally invalidate the locking feature itself, it has to be the owner's 'little secret'!
Cheers.
Click to expand...
Click to collapse
Cool, but the users wouldn't get it.
Maybe, you could suggest some other way.
Now, we are going off topic
Sent from my SGS3
interesting , something like 3 waves unlocks s4, and 2 shows info
Sent from my GT-I9505G using xda premium
offdotba said:
interesting , something like 3 waves unlocks s4, and 2 shows info
Sent from my GT-I9505G using xda premium
Click to expand...
Click to collapse
Soon, to be implemented
Sent from my SGS3
offdotba said:
interesting , something like 3 waves unlocks s4, and 2 shows info
Sent from my GT-I9505G using xda premium
Click to expand...
Click to collapse
For that combo I want to see a droid doing a fatality to a bitten apple, lol!
I don't know, something simple like the droid burning the apple with his laser sight and the apple turning into a roasted one like those from the fairs and carnivals :victory:
Yeah, something simple... XD
@akshay:
"Cool, but the users wouldn't get it.
Maybe, you could suggest some other way.
Now, we are going off topic"
That's precisely the point!
The owner of the phone should be the ONLY ONE to know that an alternate unlock method is available, if somebody else knows about it... well.. PUFF! the surprise/cloak factor goes away
So, if you are the owner of the phone or tablet and along the normal locking methods (pattern, pwd, pin) you decide to implement this alternate, quick unlock method we can safely assume that you know what you're doing and in the event you forget the keys combination for the quick unlock you can always unlock your device the traditional way
In fact, the alternate, quick unlock method should be used when alone or with the people you care and you should rigorously stick with the traditional unlock method in front of strangers.
Call me paranoid but I believe I'm just cautious.
---------- Post added at 12:24 PM ---------- Previous post was at 12:11 PM ----------
MOREOVER: you must bear in mind that if you ultimately develop this feature then is matter of time that it's getting noticed so you need to find a *perfect blend* (nothing less) between security & usability, something that sounds easy when thinking in loud voice but starts getting complex once you start to draw on the board.
If the person that got your gadget happens to know about this type of secondary-unlock method he/she can easily try some combinations to unlock the phone.
Just take your time to analyze what could be the best way to implement it
msxDr0id said:
For that combo I want to see a droid doing a fatality to a bitten apple, lol!
I don't know, something simple like the droid burning the apple with his laser sight and the apple turning into a roasted one like those from the fairs and carnivals :victory:
Yeah, something simple... XD
@akshay:
"Cool, but the users wouldn't get it.
Maybe, you could suggest some other way.
Now, we are going off topic"
That's precisely the point!
The owner of the phone should be the ONLY ONE to know that an alternate unlock method is available, if somebody else knows about it... well.. PUFF! the surprise/cloak factor goes away
So, if you are the owner of the phone or tablet and along the normal locking methods (pattern, pwd, pin) you decide to implement this alternate, quick unlock method we can safely assume that you know what you're doing and in the event you forget the keys combination for the quick unlock you can always unlock your device the traditional way
In fact, the alternate, quick unlock method should be used when alone or with the people you care and you should rigorously stick with the traditional unlock method in front of strangers.
Call me paranoid but I believe I'm just cautious.
---------- Post added at 12:24 PM ---------- Previous post was at 12:11 PM ----------
MOREOVER: you must bear in mind that if you ultimately develop this feature then is matter of time that it's getting noticed so you need to find a *perfect blend* (nothing less) between security & usability, something that sounds easy when thinking in loud voice but starts getting complex once you start to draw on the board.
If the person that got your gadget happens to know about this type of secondary-unlock method he/she can easily try some combinations to unlock the phone.
Just take your time to analyze what could be the best way to implement it
Click to expand...
Click to collapse
I can try to implement the feature you want. Actually, I tried it.
The shake to lock & shake + key to unlock.
Privacy Factor :
The user of the device will only know that feature as he will be the one using the app.
I tried of using Power key but I failed maybe I should try more to use it. But, I can try using other keys like volume, menu key, etc.
I think of keeping an option to change the key according to the user opinion & key availability on device.
Sent from my SGS3
Hey, guys
Doesn't any one know how to use those sensors ???
Would be really helpful.
My bank app is forcing me into setting a PIN or security in lock screen, but I don't feel like setting it. Is there a way to bypass this or to fool the app into thinking I have the PIN set? My phone is rooted.
vfontanela said:
My bank app is forcing me into setting a PIN or security in lock screen, but I don't feel like setting it. Is there a way to bypass this or to fool the app into thinking I have the PIN set? My phone is rooted.
Click to expand...
Click to collapse
probally not since it may check serverside which might get you in trouble if they find your phone is rooted
gaberilde said:
probally not since it may check serverside which might get you in trouble if they find your phone is rooted
Click to expand...
Click to collapse
My girl's phone is not rooted and the same app is asking for the same thing. I only added the information about my phone being rooted because it could help bypass the verification system.
vfontanela said:
My bank app is forcing me into setting a PIN or security in lock screen, but I don't feel like setting it. Is there a way to bypass this or to fool the app into thinking I have the PIN set? My phone is rooted.
Click to expand...
Click to collapse
No, I'm pretty sure they have it locked so that won't work.
Honestly, it's ridiculous to even want to try, you'd be giving anyone an open door to your money. You as the user could NEVER keep it anywhere even close to being as secure as it is designed to be. As a matter of fact, it's probably even illegal even if you did find a way. Or at least will get you blackballed by your bank, maybe even other banks.
Moral of the story? It's best to leave it alone and do yourself a favor and let it keep your stuff secure as it is supposed to do.
Sent from my LGL84VL using Tapatalk
gaberilde said:
probally not since it may check serverside which might get you in trouble if they find your phone is rooted
Click to expand...
Click to collapse
Droidriven said:
No, I'm pretty sure they have it locked so that won't work.
Honestly, it's ridiculous to even want to try, you'd be giving anyone an open door to your money. You as the user could NEVER keep it anywhere even close to being as secure as it is designed to be. As a matter of fact, it's probably even illegal even if you did find a way. Or at least will get you blackballed by your bank, maybe even other banks.
Sent from my LGL84VL using Tapatalk
Click to expand...
Click to collapse
I'm not trying to bypass the bank app PIN. The bank app (which is passworded itself) is forcing me to set a PIN or pattern in my lock screen. I just don't feel like typing a password every time I use my phone.
vfontanela said:
I'm not trying to bypass the bank app PIN. The bank app (which is passworded itself) is forcing me to set a PIN or pattern in my lock screen. I just don't feel like typing a password every time I use my phone.
Click to expand...
Click to collapse
I know exactly what you asked the first time, my answer remains the same.
You could set a fingerprint probably, if your device has fingerprint feature.
Or, some devices can be unlocked by voice using "ok Google"
You can try finding a way to get the banking app allow using one of those methods. It wouldn't remove the need for it, but it would make it easier.
Sent from my LGL84VL using Tapatalk