Hm, but doesn’t this need: 1) phone to be physically accessible 2) phone to be unencrypted and the phone lock screen bypassed? That threat perception seems low. But if the password is stored locally as unencrypted and is one that can be overwritten, that would not be an OK thing. https://twitter.com/fs0c131y/status/952826492383383552 …
Replying to @vganesh
Yes, you need to have physical access to the phone. No, the phone can be encrypted. Yes, you need to go through the lockscreen (if needed). For a system which handles the data of 1.2 billion persons, this is clearly a big vulnerability.
Whether the password is encrypted or not doesn't matter, as you can bypass it here. Moreover, I have already shown that you can extract the password easily from the database.
! Let me show you how to bypass the password protection set up by