Hm, but doesn’t this need : 1) phone to be physically accessible 2) phone be un-encrypted and the phone lock screen bypassed? That threat perception seems low. But if the password is stored locally as unencrypted and one that can be overwritten - that would be not a ok thing.https://twitter.com/fs0c131y/status/952826492383383552 …
-
-
The fact that the password is encrypted or not doesn't matter as you can bypass it here. Moreover, I already shown that you can extract the password easily from the database.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Plus seems you need root access, i couldn't see well but you replaced the shared preferences, you can't do this without root either.
-
Current android versions market share : 66.5% for Marshmallow / Lollipop / Kitkat 4.4.x (didn't count lower versions), so it's to be expected that most of these devices will be easy to root once you get a way to execute code on it (being generous, that's still 1 indian on 2 :/ )
End of conversation
New conversation -
-
-
Bigger when most of the users are not aware of the vulnerability..
@fs0c131y you are doing an incredible job by spending so much of time finding vulnerabilities and creating awareness..Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
! Let me show you how to bypass the password protection set up by