A Brazilian man named Wallace Da Paula has discovered a bug in Windows 10 Mobile OS that lets anyone with access to your phone bypass your lockscreen passcode and access the device’s image gallery.
The bug requires no technical skills, and anyone can reproduce it in a few easy steps. All that is needed is physical access to a device and around 30 seconds to go through the steps.
Step 1: Take a locked Windows 10 Mobile device and access the camera through the icon on the lockscreen.
Step 2: Take a picture.
Step 3: Tap the image’s newly created thumbnail in the bottom-left area of the screen.
Step 4: Delete the photo.
Step 5: Return to the camera app.
Step 6: Tap the same thumbnail again, which still appears, despite having deleted the photo.
Step 7: Since you’ve deleted the previous photo, you’ll see a black screen. At this stage, go back to the camera app again.
Step 8: Now, the thumbnail of the deleted photo is gone, and you’ll see a thumbnail depicting other photos. Tapping this thumbnail, you’ll access the image gallery.
The bug was first spotted by a Brazilian blog, and Microsoft has been informed of the issue. Since the bug was spotted yesterday, it is almost certain that a fix will not be included in today’s Patch Tuesday release. A fix is most likely going to arrive next month. Below is a video (in Brazilian Portuguese) depicting the bug.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.