Issue #1227
closedADB USB Debugging bypass
0%
Description
From the lock screen navigate to the Emergency Dialer or Camera app.adb kill-server; adb shell
will prompt you with a confirmation dialog for ADB accesss.
Occurs even with FDE.
Files
Updated by Pep tide over 9 years ago
Updated by Paul Kocialkowski over 9 years ago
Please propose a patch for fixing this in the current Replicant 4.2 code. If this was not fixed upstream (in either AOSP 4.2 or CyanogenMod 10.1), this is just a inherited problem and if no one is willing to backport a fix, it will stay as-is, just like the webview vulnerability.
Updated by Wolfgang Wiedmeyer about 9 years ago
- File 0001-Show-the-keyguard-if-unsecure-window-on-top.patch 0001-Show-the-keyguard-if-unsecure-window-on-top.patch added
This was fixed in AOSP 4.4.3, but I could not find a CVE for this issue. The patch was very well hidden, but I eventually found it:
https://android.googlesource.com/platform/frameworks/base/+/1f52437%5E!/
Patch works and I cannot reproduce the bug with the patch applied.
Updated by Denis 'GNUtoo' Carikli almost 9 years ago
- Device Not device specific added
Updated by Jeremy Rand about 7 years ago
Wolfgang Wiedmeyer wrote:
This was fixed in AOSP 4.4.3, but I could not find a CVE for this issue. The patch was very well hidden, but I eventually found it:
https://android.googlesource.com/platform/frameworks/base/+/1f52437%5E!/
Patch works and I cannot reproduce the bug with the patch applied.
I can't reproduce this bug on Replicant 6.0 0001, which makes sense if upstream AOSP fixed it in 4.4.3. (I didn't try to reproduce it on Replicant 4.2.)
Updated by Kurtis Hanna about 5 years ago
- Status changed from New to Closed
- Resolution set to wontfix
This issue has been closed because Replicant 4.2 is no longer supported or maintained.