Related
Tested with Skype version 3.2.0.6673 (released 1st July 2013) on various
Android devices (Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G
The Skype for Android application appears to have a bug which permits the
Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed
relatively easily, if the device is logged into Skype, and the "attacker"
is able to call the "victim" on Skype.
This can be reproduced as follows with 2 Skype accounts, and 2 separate
devices to use with Skype. The target phone is presumed to have an Android
lockscreen configured and in use, and to be locked during the test.
1. Initiate a Skype call to the target device, which will cause it to
wake, ring, and display a prompt on the screen to answer or reject the call
2. Accept the call from the target device using the green answer button
on the screen
3. End the call from the initiating device (ie. the device used to call
the target phone)
4. The target device will end the call, and should display the
lockscreen.
5. Turn off the screen of the target device using the power key, and
turn it on again
6. The lockscreen will now be bypassed. It will remain bypassed until
the device is rebooted
Similar to (ironically enough):
http://arstechnica.com/security/201...een-lock-on-up-to-100-million-android-phones/.
Seems that internet based calling apps might well be "unlucky".
I suggest logging out of skype when not using it, until there is a fix.
Thanks to Turl for originally bringing this to my attention.
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
c0rnholio said:
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
Click to expand...
Click to collapse
Hi Michael,
Thanks for the tip. However, forcing enterprise policy onto a device that does not need it should not be a solution for a bug like this (not ranting against you, please don't take it that way). Skype was already informed about this a couple of weeks ago and nothing has been done afaik.
I received a Skype update today from the market, so I guess it might be worth checking if the bug can be repeated or if it has been fixed.
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
SamsungPisser said:
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
Click to expand...
Click to collapse
It seems to be related to the use of the permission to disable the lockscreen.
I.e. http://stackoverflow.com/questions/12021800/disable-delay-android-lock-screen-programmatically
You want to ensure you definitely disable the option once done. I suggest you create a test plan and ensure even if everything goes wrong, the lock will still get enabled again in the end.
c0rnholio said:
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Click to expand...
Click to collapse
Hmmm that is interesting actually.
I need to see if I can replicate this by forcing provisioning manually.
I don't have an exchange server unfortunately (I use my own mail server that uses the protocol but doesn't do the complex provisioning.)
I'll have a look though as I think it supports provisioning in the configuration where it emulates Exchange. I believe this likely is a workaround for enterprise users.
This would be enough motivation actually to look at setting up proper provisioning of my devices.
Thanks for letting me know
I am starting this thread to be a place for Terrain owners to come for the latest info on how to root and flash their phones. The Terrain is one of the best "rugged" phones on the market, but it has been abandoned by it's manufacturer, leaving owners to find their own solutions to problems and upgrades. This is actually a good thing price wise as you can now buy a brand new Terrain for less then $85. The Terrain has about as of hardware specs as any other ruggedized smartphone on the market currently, but at one third or a 1/4 of the cost. This makes this phone a huge attraction to anyone who is looking for a rugged waterproof phone on a budget and is why this guide is essential for users.
The NEC Terrain still has plenty of life left and this is why we need to come together and find solutions for it. Please feel free to post you success stories in rooting and flashing your terrain to this thread for the benefit of all. Hopefully, will be able to form a complete guide from all the information that get's posted here.
Thanks.
Hi!
I myself just today recieved this phone, and it would be great at least to debloat it.
Previous threads on XDA, just for reference:
NEC Terrain: ADB/CDC Serial Driver, 3e Recovery Password, and Root
[Q] Rooting NEC Terrain
[Q] Unlocking of NEC Terrain SIM/Root
gamerka said:
Hi!
I myself just today recieved this phone, and it would be great at least to debloat it.
Previous threads on XDA, just for reference:
NEC Terrain: ADB/CDC Serial Driver, 3e Recovery Password, and Root
[Q] Rooting NEC Terrain
[Q] Unlocking of NEC Terrain SIM/Root
Click to expand...
Click to collapse
Thanks for the post and the links. It appreas that much of the information on these links are still a work in progress. Hopefully this work will continue and we can create a How To guide from this.
For those that may be interested. You can buy the NEC Terrain Unlock on Amazon for $79.99. Here is the link.
http://www.amazon.com/NEC-Terrain-UNLOCKED-WaterProof-DustProof/dp/B00KZPI04S/ref=sr_1_1?s=wireless&ie=UTF8&qid=1405614968&sr=1-1&keywords=nec+terrain
For full specs on this great phone you can go here.
http://www.gsmarena.com/nec_terrain-5553.php
Well, I almost bricked it few days ago. :good:
I read a thread about a patch to unlock GSM in CDMA phones and saw there a code to enter some hidden menu. I entered that menu and messed a little with band settings (wanted to get LTE to work with my operator). Next thing I know Terrain stopped receiving any GSM signal and for next hour I tried to fix it. Factory reset got me 2G signal and that's all.
It turned out that the only way to fully fix it is to re-flash firmware or radio module and as we know that can't be done.
Well, this is not about unlocking or flashing, but it is a solution to another problem I and many other have been having with the predictive text bar blocking critical function keys from being accessed. The predictive txt bar is a function of the Adaptxt keyboard app and disabling it does remove that bar, but the keyboard also loses all special character function, upper case letters and numbers. After trying more then a dozen keyboard apps to replace adaptxt, I found one that works and brings back all keyboard functions without the stupid predictive text bar. It is called TouchPal.
https://play.google.com/store/apps/details?id=com.cootek.smartinputv5&hl=en
Forgive me for this slight OT-posting, but it's not that easy to find people with this device - let alone an unlocked one. I'm located in Germany and the device runs just fine - except for the fact that Tethering does not work - neither USB nor WIFI. The PC can connect to the phone, however the connection in Windows 7 always is shown as being limited (no internet access), while internet on the phone works fine.
GMail - as well as some other functions of google also rarely sync and basically just do so on request, while they sync just fine when being connected to Wifi. And no, background data are not restricted in the settings.
Has anyone experienced something similar?
laserdrome said:
device runs just fine - except for the fact that Tethering does not work - neither USB nor WIFI.
Click to expand...
Click to collapse
I have the same problem! After few minutes of "thinking" phone reports "There is a temporary nework problem... bla, bla, bla"
Is there any suggestions how to fix it?
iDomino said:
I have the same problem! After few minutes of "thinking" phone reports "There is a temporary nework problem... bla, bla, bla"
Is there any suggestions how to fix it?
Click to expand...
Click to collapse
Well actually I know that message as well. For me changing the APN helped. You could also try to restart the phone. I just remember I also had this problem sometimes. But like I said - even without that particular message I would not get tethering to work.
iDomino: Do you also experience the problem with syncing that I had?
That's funny, actually I haven't noticed syncing problems untill I read your posts. I myself have all the same problems that you mention.
Even more of that, Terrain has some silly feature that TURNS OFF WI-FI if it thinks that that hotspot has no internet connection. It is massively annoying and can drain all your data traffic. The only solution that I found is to install the app "Smart Wi-Fi Toggler", it constantly turns wi-fi on if terrain turns it off, but only in places where I turned wi-fi on myself (like home and work).
It's a pity the phone has so many flaws and due to its tight security and the locked down NEC mobile devision no one can do anything about it. I wonder if this just affects the users who use an unlocked phone outside the US or if people in the US have similar problems. I have tried contacting NEC about this - actually about providing us with some kind of unlock mechanism - but all I got was this:
"Dear Sir,
Thank you for inquiry.
We, however, regret to inform you that our phone is not available about your request.
If you have any issue, would you try to contact the company or shop where you have purchased this model, who might be of help to you.
Thanks and Best Regards,
Fujii /NEC"
By the way, I discovered a new bug: When Roaming the actually used Network-Provider is not shown and I also didn't find a way to choose one...
Do you also experience the problem with syncing that I had?
Click to expand...
Click to collapse
I had some sync problems and I don't know working methods to fix it.
First time I solved it this way:
turning off apps sync -> open Gmail app -> it will show notification offering to enable synchronization -> use it -> sync works.
But this solution worked just once. (
Other time sync turns on by itself after one day disabled.
P.S. My Nec reboots while connecting via USB to ubuntu laptop.
Battery life
Can someone tell me how your Terrains battery hold up charge? Because mine discharges completely in about 10 hours (without using phone at all). I think it's wakelock problem.
iDomino said:
P.S. My Nec reboots while connecting via USB to ubuntu laptop.
Click to expand...
Click to collapse
Does it crashes once or infinite loop begins? I had infinite loop problem while connecting NEC Terrain to Ubuntu, Linux Mint, Debian or CentOS. Removing "ModemManager" package solved it.
FFDA said:
Can someone tell me how your Terrains battery hold up charge? Because mine discharges completely in about 10 hours (without using phone at all). I think it's wakelock problem.
Does it crashes once or infinite loop begins? I had infinite loop problem while connecting NEC Terrain to Ubuntu, Linux Mint, Debian or CentOS. Removing "ModemManager" package solved it.
Click to expand...
Click to collapse
My phone works about 25-30 hours (30 min. calls, 5-10 sms, 30 min. messaging, 2 hours e-mail, internet & other applications. No video/gaming/music at all).
Infinite loop. Removing "modemmanager" helps! Thank you! :laugh:
Also got spontaneous rebooting after installing FTP Client made by Zifero. :silly: Removing app solved the problem.
Dreaming about root and working wi-fi tethering.
Who have usb driver of nec terrain? I need it, thanks
zolahn said:
Who have usb driver of nec terrain? I need it, thanks
Click to expand...
Click to collapse
Maybe this topic will help.
Cpu-z shows only 665MB RAM on device... Where are another 335MB???
Lets continue discussion in one thread!
http://forum.xda-developers.com/showthread.php?p=59514154#post59514154
I created a GitHub repo to collect information, also on how to disable apps (since thats as good as it gets for now).
Another Terrain user here!
Hi guys!
i am Kharl
i am another Nec Terrain user here!
due my lifestyle, i needed a phone which could gives me reliability and power under ANY circunstance, that could be done by any rugged phone, BUT i needed querty keyboard, fm radio, gps, gyroscope, accelerometer, loud speakers, that could work worldwide and touchscreen... the only one with those features was the Terrain... and with the extra, that it is amazingly cool, i dont know opther but i find this phone really cute, very sober and elegant design.
well, i live outside USA so, for me, to work it couldnt be locked to ATT, so i was able to get one unlocked.
my phone has almost all the problems you mentioned, althught i am still happy with it and i am not going to change it because its problems does nto interfere a lot with me, BUT of course id like to get those problems sovled.
trying to solve the problem i bough three of thes phones and all the three had the same problems
the first one was by mistake, locked to att, but it had the same problems, random restart and locked hotspot, i sold it, i got a second one, works with any sim, everything fines, but with the same problem, random restart and no hotspot, i bought a third one to see if the problem was with my particular phone... and n luck the same problems.
it has some other minors problems, like no stereo audio recording despite it has two mics and IT STATES IT CAN record in stereo, but thats not a problem, i can deal with that, and sometimes the people at the other side (while in a call) says my voice sounds like from within a box (lack of trebble or too much bass) and when i press the check too much to the phone boddy there is also clarity sound problem.... but thats ok....
regarding the two main problems
random reboot and hotspot
many of us suspect what the cause is
for the random reboot many could think it is a installe app which is causing it... NO, because it does it at factory state, to solve that i dotn think root is needed, there is a certain factory process that is causin to reboot, the reboot is VERY random, could doit threee times in a day or could happen only three times in a week, what i have notice is that it happe lessoften in cold weather.
the hotspot problem IT IS cause because att locked that function, even when the phone is ulocked, that part remain locked because ATT.
what about you guys?
u can try hard reset for begging
This seems very strange. my N5, stock and unrooted (5.01) battery was getting bad so I replaced it with a unit from ebay. It looked like a genuine OEM battery but I suspect it wasn't.
And despite all the videos on Youtube etc. saying you can prise the back off the N5 without breaking anything I managed to break two tabs
Anyway after I put it all back my first heartstopping moment was NFC had stopped working, both for charging and for communications. A quick Google search revealed that was because the back had not snapped on properly so the antenna in the back was not contacting the motherboard contacts properly. A quick press of the back the case, a click and all was well,
But now the phone won't do trusted face or locations which it did before. If I go to trusted face and choose improve face matching I receive an error Couldn't start finding your face. And now face unlock never works as well as trusted location (my home).
I can't believe a new battery would affect that but perhaps somebody in these forums might have some knowledge of this problem?
I will wait for 5.1 to see if it fixes the problem, else I guess I have to live with it.
Thanks
Sounds like maybe the front facing camera connection might have been disturbed during battery installation.
If it was me, I'd go into the camera app and see if the front facing camera is working properly.
If not, pull the back off again and check around the camera for anything loose. Verify your antenna connections.
Best of Luck
That one of the first things I tried and the camera is fine. Also GPS works fine so trusted location should work.
lchiu7 said:
That one of the first things I tried and the camera is fine. Also GPS works fine so trusted location should work.
Click to expand...
Click to collapse
As you mentioned, waiting for the 5.1 OTA is going the be the best option short of factory resetting and losing all your data.
Hopefully the OTA will fix it for you when it arrives to your device.
If you prefer not to wait on Google, you could Download the 5.1 OTA and ADB sideload it using the STOCK recovery.
Nexus 5 OTA Help-Desk
Looks like you would need to follow :
Scenario #1
You are completely stock. Unlocked or Locked bootloader. No root permissions.
Continue to Section A
Best of luck
The problem is not from your battery.
Trusted places and faces are broken after the last Google Play update on a number of Nexus devices after they added the "on-body detection."
Some users get it to work, some temporarily, but it is not an issue with your new battery. From the forums i read, some users (not Nexus 5 ) got it to work by turning smart lock off and on, re-doing your locations in google maps, side loading the Google Play Services apk, uninstalling the Google Play Services and reverting it to previous version (mine is grayed out.)
I notice huge battery drain coming from the Google Play Services then I disconnected the GPS and it was no longer draining. I am assuming it's having trouble or a bug where it's searching my location for the Trusted places and draining my battery. This is only an assumption though. Hopefully it will be fixed in a future update. I still have not found a fix for my N5 or N7 2013 yet.
Just so others are not put off ive changed my Battery with no issues and have taken the back off 6 times. No clips broke. It is important to make sure all clips are pushed home and you should gently press the back allover as there are a lot of connections on the back that need to make contacts with the board
joegestes said:
As you mentioned, waiting for the 5.1 OTA is going the be the best option short of factory resetting and losing all your data.
Hopefully the OTA will fix it for you when it arrives to your device.
If you prefer not to wait on Google, you could Download the 5.1 OTA and ADB sideload it using the STOCK recovery.
Nexus 5 OTA Help-Desk
Looks like you would need to follow :
Scenario #1
You are completely stock. Unlocked or Locked bootloader. No root permissions.
Continue to Section A
Best of luck
Click to expand...
Click to collapse
I got the OTA update for 5.1 and it's made no difference. Might have to look at some other solutions.
chrisinsocalif said:
The problem is not from your battery.
Trusted places and faces are broken after the last Google Play update on a number of Nexus devices after they added the "on-body detection."
Some users get it to work, some temporarily, but it is not an issue with your new battery. From the forums i read, some users (not Nexus 5 ) got it to work by turning smart lock off and on, re-doing your locations in google maps, side loading the Google Play Services apk, uninstalling the Google Play Services and reverting it to previous version (mine is grayed out.)
I notice huge battery drain coming from the Google Play Services then I disconnected the GPS and it was no longer draining. I am assuming it's having trouble or a bug where it's searching my location for the Trusted places and draining my battery. This is only an assumption though. Hopefully it will be fixed in a future update. I still have not found a fix for my N5 or N7 2013 yet.
Click to expand...
Click to collapse
Not sure if that applies to me. I had the problem after I replaced the battery (though it could be coincidental) but before 5.1 where I understand is when on-body detection was first implemented.
I managed to get trusted places to work by walking around my section and getting the phone to recognise a new location which is basically the same as my home but with a different name. That seems to work but I still cannot get face detection, either with unlock or improve matching.
I found the reason for my large battery drain, it was one of my weather apps refreshing through Google play Services. I also did a temp fix for Trust Places like the other user did. I added two places next to my house, close enough to all cross each other. That did the trick for now.
Here's what worked for me
I got a phone call when my Nexus 5 was locked and instantly Trusted Face crashed and gave me a force close message. Here's how I managed to fix it:
1) First, I removed the existing face data and turned off Trusted Face.
2) From Settings --> Apps --> All, I found Trusted Face and Cleared Cache, Data, Force Stopped the app and then disabled & enabled the app.
3) Rebooted the phone holding the power button (Not through the menu)
4) Turned on Trusted Face and registered my face.
5) Then I had coffee, but that's not relevant to the case.
Note: I know some of the above steps are unnecessary and repetitive, but nothing else worked for me.
Good Luck !
Thanks. I tried that and now Trusted Face is working again.
PHP:
lchiu7 said:
Thanks. I tried that and now Trusted Face is working again.
Click to expand...
Click to collapse
I'm glad it worked.
Has anyone else tried using a Bluetooth device go smart unlock your phone?
I can register my Bluetooth headset for the function but my phone still gets locked and requires my fingerprint after the screen is off for a few minutes
My phone is locked due to exchange security policies.
Sent from my SM-G920I using XDA Free mobile app
Works fine in my truck...
Works fine with my Sony SW3
Works fine with my moto 360
Same thing happens to me, but for location. I raised with Samsung on twitter and they asked me to email them. I've done so. Will let you know if I get any update.
I see the same issue - I have tried with two bluetooth devices and also a location. None of these bypass the need for fingerprint to unlock the phone. I also tried with PIN security - same issue. My phone has an exchange account linked which altered some security settings, maybe this is it? However, same account and same Android version on a Nexus5 and there was no problem.
yea im having issues as well. I do have exchange security as well but this worked fine on my Nexus 5. I'm also having issues where my Nexus 5 could skip songs via bluetooth. This does not work via google music now via my pioneer headunit. I cant tell if this is android bluetooth issues or what??
I have the same issue. Just disabled my exchange policy and it started working. It does not ask for fingerprint or pin any more.
This is weird because same setup on Nexus 5 worked fine. There smart lock overrode the exchange policy, but looks like Samsung has decided to give exchange policy higher preference than smart lock.
same for me just work with car Bluetooth but not with locations
Ok, moved Exchange account into Knox (which is awesome by the way) and now the smart lock works. Proves it was Exchange security causing it.
Cool, looks like exchange is the root cause.
Let me go explore knox as well!
Sent from my SM-G920I using XDA Free mobile app
I'm having the same issue with no exchange account set up.
teethgrinder32 said:
Same thing happens to me, but for location. I raised with Samsung on twitter and they asked me to email them. I've done so. Will let you know if I get any update.
Click to expand...
Click to collapse
+1 on location. But Bluetooth is perfect for me.
I had the same issue, smart lock works with BT but not with location.
What helped for me: I used location of Home from maps, it wasn't work. When I added "new" place and used near address it started working. I'm not using Exchange with security (I'm used to using Office365 and there isn't this rule)
works fine here over bluetooth to my gear 2 neo smart watch , and my turtle beach elite 800 wireless headphones , also location lock is working here on the w8 stock unrooted.
rakh1 said:
Ok, moved Exchange account into Knox (which is awesome by the way) and now the smart lock works. Proves it was Exchange security causing it.
Click to expand...
Click to collapse
What is knox? How did you accomplish this - I really want to get this trusted device unlock enabled. Thanks in advance.
I have the same issue - smart lock works without "corporate" account. However when I setup a "corporate" account (Exchange, or in my case - it's Google Apps with Google Device Policy) - smart lock stops working.
You can configure trusted devices/locations, but you need anyway to unlock device using pin/fingerprint/or whatever. Exactly same configuration worked well with recently replaced HTC One M7 (Sense version with Lollipop).
It's my first Samsung device after about 5 years with Android.. is there any chance they fix anything like that, is it worth to bomb tech. support about it?
On the side note, regarding alternative solution - I'm a bit curious how Knox is working. I don't like additional layer it adds to a system, and I don't really need such paranoid level of security, but.. maybe Knox is not so bad? Does it show notifications from Knox applications? How all apps are working in background, or do I need to unlock Knox each time I need to check the mail?
Yay, the upgrade to 5.1.1 has fixed this.
How do you disable exchange policy?
Update took care of it - I did not change anything.
Hi all, delighted by my brand new device (exynos) but a strange behaviour occured when I installed my company MDM.
Impossible to unlock with the fingerprint, in the settings the biometrics section is greyed out.
It was working fine before. As soon as I removed the professional profile, it worked again, and as soon as I set it up again, it didn't.
Strangely enough, the MDM allows the fingerprint to log into the professional apps (like Boxer).
Anyone here uses a company profile with the S10e ?
Sounds like a bug or a company restriction? It worked fine before with my old MotoG5+ with an outdated security patch, and my colleagues with other types of Galaxy phones don't have this issue.
Thanks for any thought.
I use work mode and Microsoft InTune. The fingerprint sensor works normally. The sensor itself is a bit annoying but the operation is as intended.
The fingerprint settings have an option for fingerprint always on.
Same thing happened to me. My company uses VMware Intelligent HUB in a work profile. After installing it, could no longer unlock with fingerprint. Options are grayed out in security settings. Uninstalled the work profile and I get fingerprint unlock back. Since the only thing I needed was email, I'm just using the web interface in chrome (how is that more secure???). It all worked fine on my pixel 2, so this is specific to s10e. I refuse to install the work profile if it disables the fingerprint unlock. Emailed my IT department to see if they can change the policy, but not hopeful about that.