While Google had touted the security of Android’s pattern unlock mechanism for securing data and information on an Android smartphone–law enforcement officials were unable to crack their way into the phone of a criminal in the past–it looks like hackers now can hack their way into phones secured with the pattern unlock mechanism even without the phone being rooted.
Pattern unlock was designed by Google as a visual way to unlock a phone by connecting dots in a grid array in a pattern to unlock the phone when the pattern matches a saved pattern. The mechanism is used as an alternative to a simple 4-digit PIN code or a more complex alpha-numeric password. More recently, Google had begun to add yet another method to secure and unlock a phone, this time using face recognition and the front-facing camera hardware module found on many modern smartphones in a method called Face Unlock.
According to XDA-Developers form members, if you leave the USB debugging option checked on your phone, hackers can access your phone using the ADB push method and can bypass the pattern unlock mechanism. Phandroid reports that the method is straightforward for those who know their way around ADB:
Steps for the workaround are relatively easy and straight forward, requiring only a few lines of code to either edit some of the pattern lock values to zero, or remove the “gesture.key” function entirely. And here’s the kicker — absolutely no root is necessary for any of these steps to work.
It’s unclear if Google will release a patch for this, especially on handsets running older versions of Android.