How I unlocked the phone I found using social methods. engineering

    The end of the working day, evening, I find a telephone on the street. It turns out to be the Samsung Galaxy S5 Mini, the screen is locked using CM Locker (this is important).

    The Internet is connected to the phone, Instagram, Youtube notifications are visible, but not a single missed call or SMS. Yes, and what's the point - you can’t click on a notification to go to its details from a locked state. The notification panel also cannot be called up, you can only start the flashlight, enable / disable data transfer, Wi-Fi, bluetooth and a calculator. Well, decrease / increase the brightness / volume, from where it is also not possible to get to dialing a phone number or SMS.

    After a couple of hours, the phone rang. We agreed that the owner will take it from me tomorrow, since he is now on the other side of the city.

    And at 6 in the morning the alarm rang on the phone. I pushed the notice to the right and lay back in bed. After a couple of minutes, the alarm rang again. Well, I moved the icon to the left. It wasn’t there - he rang again a few minutes later (looking ahead, I’ll say that it’s not the impossibility to turn off the alarm when the phone is locked, but its owner just set about ten alarms with a difference of a couple of minutes between each other). I did not want to leave the phone ringing in another room or turn it off, so it was decided to find a way to unlock it.

    image
    ( screenshot for example )


    After entering the PIN code incorrectly, the “Forgot Password” link appears. By clicking on it, an invitation opens to restore the password using Gmail, you just need to enter the password from the mail. But to me it is unknown.

    Well, I pick up a tablet and look for the person on VK and Facebook on the specified e-mail.

    VKontakte is empty, I find one account on Facebook, but it is not used with fake data. I’m looking for an e-mail just in Google. Nothing too.
    What's next? Hmm ...

    And then I recall that on the main screen one of the notifications said that a new video appeared on such a Youtube channel, and the second one - that someone liked my Instagram photo.

    Ok, I find a girl on Instagram who liked the photo of the owner of the phone. I’m starting to look at those to whom she is subscribed. Among the two dozen people, most are girls, and among the guys no one has recently posted a photo, or did it with an iPhone at the mirror).

    Okay, I subscribe to it and go to Instagram’s “Subscriptions”. The actions of my friends are displayed here, and among the rest I see how she “liked” 4 photos. Three photos - girlfriends, one photo - a guy. The one that was with the iPhone.

    So ... I go to his account, in the profile I see a link to Ask.fm.

    In Ask.fm I see a link to the profile of VKontakte.

    I open the VK profile and on the first try I guess the password for unlocking : April 15 - 1504 - date of birth .

    image

    The password to unlock was the day and month of birth.

    The phone is successfully unlocked and CM Locker shows me a photo of the “attacker” who was trying to unlock the smartphone, with an offer to share it through the standard Android share menu.

    But I return the phone in a couple of hours - my photos on this phone are not needed. I go to the gallery, find the folder with these photos, click "delete", and then on top of the question "Delete?" Protection pops up with a request to enter a graphic key. Well, I won’t pick it up so easily) Well, I minimize the application, go to the gallery again and manage to delete one photo in a couple of such attempts. But there are several of my photos on the phone, and the annoying protection, which, as we see, can be circumvented, makes it difficult to conveniently delete the rest.

    Ok Google. I install a simple file manager from the Play Market, go into it, open the desired folder and delete the photo. The protective application did not pick up - but what, it is configured for certain programs, it was not intended to block the newly installed application)



    Total: additional protection is good. However, do not set simple passwords such as date of birth. Put at least birth dates backwards, I don’t know, or someone else’s birth dates (but not of someone close to you, who will be marked in your social profile in the column “Marital Status” ;-)).
    Anyway, social networks ...

    In CM Locker, by default, the “Attacker's Photo” function is turned on. Nearby is the function "Send photo by e-mail", but it is not activated by default. It turns out that the developers did not consider it necessary to activate this function, and users may not turn it on. And what's the use of the photo that remains on the lost phone?
    Well, the very slowness of the application, which allows you to perform some kind of operation a few milliseconds before the application’s lock screen, is also a minus to the developers.
    by the way
    (when starting the calculator from the then still locked phone, the Android settings menu opened, but there I did not manage to open anything)

    The smartphone itself is equipped with a fingerprint scanner, and if you choose this method of locking the screen, then unlocking it becomes much more difficult (but also not impossible ) - it is better to use such protection than a password of four plain digits.

    And again: never set simple passwords!

    PS: phone, of course, I returned.

    Also popular now: