I need to demonstrate this vulnerability being exploited for my mobile cybersecurity class.
It should be possible in the following Android versions: Android-10, Android-11, Android-12, Android-12L (with security patch levels older than June 5 2022)
The goal is to get access (up to 30 seconds it seems) to a password-locked user account in Android, in a device with "multiple users" option activated. (in short, this could be achieved by hitting "Home" multiple times while changing users)
I tried to emulate multiple devices following these specifications, an this is what I tried:
- hitting the "Home" key in my keyboard
- using ADB scripts with loops for clicking multiple times in the "Home" button. At first the clicks seemed too slow, so I tried to make the clicks in the script be like "command1 &", so they execute in background and don't keep the next one from being executed. The result is, I can make the emulated device crash, which is not the goal (maybe the processes in background are to blame, and not the many clicks?)
I know that it must be possible to emulate this. At least the guy in this article said he did it more than once.
I'm a beginner with these tools, so any idea would be appreciated, even if just redirecting me to a forum that is more specific on this, thank you
