Devices with Nova Launcher installed put owners at risk

Feb 17, 2016 13:20 GMT

LG V10 smartphones with the Nova Launcher app installed allow an attacker to add their own fingerprint to the phone and so defeat the screen lock.

This is not a complex script-based attack, nor one that relies on zero-days or on malicious images sent via MMS that exploit your phone's underlying OS. The only conditions are that the attacker has access to your device (usually 30-40 seconds) and that Nova Launcher is installed on it.

Nova Launcher is an app for managing the Android homescreen, one of the most popular "launchers" on the Google Play Store. This app allows users to control how their Android homescreen looks by adding or removing widgets.

To pull this off, the attacker needs to employ some social engineering tricks. Usually, he'll ask a person to lend him the phone to make a call or browse the Web "for a minute."

During this time he can long-press the Home button, pull up the Nova Launcher management screen, and drag an "Activities" widget to the homescreen. This widget is a simple shortcut for linking to various apps and controls, and the attacker can link to the "Add Fingerprint" option from the phone's settings.

Under normal conditions, a person adding a fingerprint on a phone with a screen lock activated is asked to enter the PIN lock code to continue, even if the phone has already been unlocked. Using the Nova Launcher-created shortcut, attackers are not prompted for this code.
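A defender-side check for this class of problem, as an added example that is not from the original article, LG or Nova Launcher: it lists the activities in a decoded AndroidManifest.xml that another app, such as a launcher, can start without holding a permission. It assumes the shortcut works because the fingerprint screen is one of these exported activities (Android only lets a different app start an activity that is exported), and the manifest, package and class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package and class names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.settings">
  <application>
    <activity android:name=".SecuritySettings">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".fingerprint.AddFingerprint" android:exported="true"/>
    <activity android:name=".fingerprint.RenameFingerprint" android:exported="false"/>
    <activity android:name=".ResetDevice" android:exported="true"
              android:permission="com.example.settings.permission.MANAGE"/>
    <activity android:name=".InternalOnly"/>
  </application>
</manifest>"""


def externally_startable(manifest_xml):
    """Return names of activities another app can start without a permission."""
    root = ET.fromstring(manifest_xml.strip())
    app = root.find("application")
    if app is None:
        return []
    app_permission = app.get(ANDROID + "permission")
    findings = []
    for node in app:
        if node.tag not in ("activity", "activity-alias"):
            continue
        exported = node.get(ANDROID + "exported")
        if exported is None:
            # Pre-Android 12 default: exported only if an intent filter is declared.
            is_exported = node.find("intent-filter") is not None
        else:
            is_exported = exported.lower() == "true"
        # A component-level permission overrides the application-level one.
        permission = node.get(ANDROID + "permission", app_permission)
        if is_exported and not permission:
            findings.append(node.get(ANDROID + "name"))
    return findings


if __name__ == "__main__":
    for name in externally_startable(SAMPLE_MANIFEST):
        print("review: must re-confirm the lock credential itself ->", name)
```

Any listed activity that changes security settings has to confirm the PIN in its own startup path, because the caller may not be the settings screen that normally asks for it.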

It only takes 30 seconds to add a fingerprint

In around 30 seconds, the attacker can add his fingerprint to the device, delete the Nova Launcher widget, and give you back the phone.

With a fingerprint already stored on the device, the phone can be unlocked later whenever its owner leaves it unattended, or the attacker can steal it and have access to its data without wiping the device's storage.

But there is good news. The LG V10 only stores four fingerprints in its settings. If you don't want people secretly adding their fingerprints to your phone, just make sure to fill all four slots (you have ten fingers, don't you?).

A video of the attack is available below, courtesy of Matt OnYourScreen.