Oof, we just found out it's incredibly easy to remove the screen lock from any Android/LineageOS phone, regardless of whether it's a pattern, PIN or password, as long as the phone is not encrypted. Just remove the pertinent files from /data/system using TWRP or adb, restart the phone and voilà, the lock is gone.

Of course, this does not work when /data is encrypted. So please encrypt your phones, folks. Otherwise there is no access protection at all.

@resist_berlin_
You don't have to find that out, you can postulate it! So please, please encrypt your phone.

@resist_berlin_ as far as I know, encryption has been pretty standard for recent phones?

@resist_berlin_ Um, sure, encrypting devices is always good, but how did you get access to adb? Don't you have to unlock the screen and confirm - or even enable USB debugging first?
And the TWRP way only works if you already have a custom recovery installed or at least unlocked the bootloader.

I don't think this is a flaw in Android - it just demonstrates the security holes people usually create when they install a custom ROM and a custom bootloader.

@ytvwld
A surprisingly large number of phones are affected, for example most or all Samsung phones, phones with custom recoveries, and phones with stock recoveries that still allow adb access, which is not unusual. Besides that, it is of course sensible to use custom ROMs for many reasons.

The flaw is that deleting certain files removes the lock. The phone should rather stay locked, throw a warning or something else. This is pretty bad design and gives a false sense of security.

@resist_berlin_ I'm not quite sure how one would defend a screen lock against a person with access to the adb "shell" account. At this point one can read the data of all apps.

If the stock recovery allows the use of adb, that's a bug which should probably be reported to the vendor.

I'm not against using custom ROMs, don't get me wrong. I'm just saying that disabling security measures comes with a price - they're there for a reason.
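Two checks that follow from the original post (is /data actually encrypted?) and from the remark above about stock recoveries exposing adb, as an added example that is not part of the thread or of any project mentioned in it. It parses the output of two real adb commands, `adb shell getprop` (the `ro.crypto.state` and `ro.crypto.type` system properties) and `adb devices -l`; the sample outputs and device serials below are constructed so the script runs offline, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread). Two checks a practitioner would run
# before trusting a phone's screen lock: is /data actually encrypted, and is
# any attached device exposing adb while it sits in recovery. Both parse the
# output of real adb commands; the SAMPLE_* strings are constructed stand-ins
# for `adb shell getprop` and `adb devices -l` so this runs without a phone.
set -e

# Extract one property value from `getprop` output ("[name]: [value]" lines).
prop() {            # $1 = getprop output, $2 = property name
  printf '%s\n' "$1" | sed -n "s/^\[$2]: \[\(.*\)]\$/\1/p" | head -n 1
}

# Print one word describing at-rest protection of /data:
#   fbe          file-based encryption (ro.crypto.type=file)
#   fde          legacy full-disk encryption (ro.crypto.type=block)
#   unencrypted  the case the original post is about: no access protection
#   unknown      property missing or unexpected value
crypto_verdict() {  # $1 = getprop output
  state=$(prop "$1" ro.crypto.state)
  type=$(prop "$1" ro.crypto.type)
  case "$state" in
    encrypted)
      case "$type" in
        file)  echo fbe ;;
        block) echo fde ;;
        *)     echo unknown ;;
      esac ;;
    unencrypted) echo unencrypted ;;
    *)           echo unknown ;;
  esac
}

# Print the serials of devices that adb currently sees in the "recovery"
# state, one per line. A stock recovery that does not offer adb never shows
# up here; any serial printed is a device whose recovery exposes adb.
adb_in_recovery() { # $1 = `adb devices -l` output
  printf '%s\n' "$1" | awk 'NR > 1 && $2 == "recovery" { print $1 }'
}

# Constructed sample outputs (not captured from real devices).
SAMPLE_UNENCRYPTED='[ro.crypto.state]: [unencrypted]
[ro.crypto.type]: []
[ro.debuggable]: [1]'

SAMPLE_FBE='[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.debuggable]: [0]'

SAMPLE_DEVICES='List of devices attached
0123456789ABCDEF       recovery usb:1-2 product:lineage_x model:X transport_id:3
FEDCBA9876543210       device usb:1-3 product:y model:Y transport_id:4'

# Stand-alone demo on the constructed samples. With a real phone attached you
# would call crypto_verdict "$(adb shell getprop)" and
# adb_in_recovery "$(adb devices -l)" instead.
echo "constructed unencrypted device: $(crypto_verdict "$SAMPLE_UNENCRYPTED")"
echo "constructed FBE device:         $(crypto_verdict "$SAMPLE_FBE")"
echo "devices exposing adb from recovery:"
adb_in_recovery "$SAMPLE_DEVICES"
```

An `unencrypted` verdict means exactly what the original post describes: anyone who can reach /data, whether through a recovery or through an adb shell, can edit the lock-settings files and the lock is gone. A serial printed by `adb_in_recovery` is a device on which that access is available without ever unlocking the screen, which is the configuration the reply above suggests reporting to the vendor.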

@resist_berlin_ Also, device encryption (while very useful) doesn't solve all of the problems created by unlocking the bootloader. Adding a keylogger to /system is the first thing that comes to my mind - there are certainly more attacks possible (e.g. replacing systemui with one without support for screen locking).

@resist_berlin_
This actually saved me once when my lock screen would not accept my PIN. The phone was encrypted, so I had to add a script with TWRP to remove these configs during boot - you can still modify the system partition, so after I entered my PIN to decrypt the data partition the script ran and removed the lock. 😃
@ytvwld

@resist_berlin_ I have installed unofficial LineageOS on my phone and encryption is broken :(

@resist_berlin_ This actually once saved my a** when a LineageOS update broke my lockscreen.

@resist_berlin_ You seem surprised? There's a zillion ways of owning an unencrypted device of any OS that you can get to.

@penguin42 I'm obviously not surprised that it's possible, I'm surprised that it takes zero hacking skills to do so.

@resist_berlin_ Whenever these things need skill, people script it anyway. I suspect that on most Linux systems just removing the screensaver binary will probably do it.

@resist_berlin_ That's not surprising really... having physical access to any Linux desktop that doesn't have full encryption means that you are essentially root. Single user mode and all... you don't even need a USB stick if you can manage the kernel command line.
chaos.social – a Fediverse instance for & by the Chaos community