Nokia Asha Series Lock Screen Bypass


There have been a lot of lock screen bypasses lately in almost every mobile device, such as the iPhone, Samsung Galaxy, HTC etc., and if you observe carefully, most of them rely upon abusing the "Emergency Calling" option somehow. Hammad Shamsi, a security researcher from RHAinfoSec, has found a lock screen bypass which resides in all the latest versions of the Nokia Asha series. The bypass occurred due to mishandling of the SOS button (Emergency Panic Button), which is present in all Nokia Asha series phones and is used to make emergency calls.

How to Reproduce?

Here are the steps to reproduce, in case you are curious:

i) First, set up the lock code to lock the screen.
ii) Next, type any number on the unlock screen.
iii) Next, press the SOS button followed by the green button, and you are sent to the recent calls list.

This could be further abused to gain complete phonebook access, add or delete a number, turn Bluetooth on or off, etc. Hammad has created a series of three videos which demonstrate how you could go about accomplishing it.

Nokia Asha Lock Screen Bypass - Video #1



Nokia Asha Lock Screen Bypass - Video #2



Nokia Asha Lock Screen Bypass - Video #3



Reward

Hammad was awarded a Nokia Lumia 1520. Although mobile bugs are not a part of their bug bounty program, an exception was made in view of the impact of the bug.


On behalf of all RHAinfoSec team members, I would like to congratulate him and wish him the best of luck in his future research.

Timeline

25/04/14 - The vulnerability was reported.
30/04/14 - Initial response from Nokia notifying that they are working on a fix.
1/06/14 - Nokia Lumia was received.
7/07/14 - The issue was fixed.
7/12/2014 - Writeup was released.