Al be sharing on how a user or in this case a Smartphone
thief can disable the antitheft application without having the password for
access.
Once untrusted sim card is input into the gadget there are
basically some actions that are triggered by this depending on how the
user had set the application…what if the
thief did remove the simcard and turn on the phone?....What if the thief decides
to deactivate the antitheft and uninstall it from the phone?... That is what al
be considering
This process of deactivating the Antitheft does not require
any technical knowhow in programming or Tech. it only require the aspect of
taking advantage of the design of the software,
In the process of deactivating the Antitheft program first
al launch the Antitheft interface
 |
| first interface of avast portal |
Of cause note here I did not have any access to avast panel password enabled. I am working on a scenario that the avast antitheft being with the password restrictions as this is a requirement for safe install.
Now all try to log into the antitheft portal which of cause will require a password.
Of cause the password will be requested but in this case we would like to evade entering a password but disable the Antitheft.
Take note: just move a step back or cancel the Antitheft login
See how long it take for the script to respond once you click on the Antitheft command befor a password prompt can be enterd.it takes some time and the disable command being on site, means it can be accessed.
Lets try this bypass
Once you click on the Antitheft command master the position of the disable command. Now navigate a step back and load the Antitheft again this time keep on tapping on the deactivate command location befor the password prompt can be shown. What you will get from this simple acticity is that the Antitheft will be disabled without entering the password!
Now the attacker can uninstall the application and use the gadget at own plessure
This attack is only possible due to he fact that the design of the application allows the access of the disable option on the screen which is displayed before the password prompt.
The only way to actually win this is by changing the application design in a way that the disable button is somewhere hidden and if the password prompt can be instant to avoid the hack to the application
Post a Comment