You'd think the concept of a lockscreen would be simple. It, you know, locks the phone. Several OEMs have still ended up with bugs that allow users to get around the lockscreen completely. The newest such vulnerability has been discovered in Sony's flagship, the Xperia Z. Just a few simple steps, and anyone can gain full access to the device.
[EMBED_YT]https://youtu.be/LLq1gxIt5YQ
[/EMBED_YT]
In the video, you can see one Scott Reed demonstrating the problem. By pulling up the emergency dialer from the lockscreen you can enter the USSD code *#*#7378423#*#*. That code opens up the device's services menu. From there, it's a simple matter of triggering the NFC Diag Test, which allows you to press the home button and actually get to the homescreen. The problem is not that the services menu is accessible, but that pressing the home button sends the user to the homescreen and not back to the lockscreen. The device is completely unlocked at this point. The only thing an intruder wouldn't be able to do is disable the PIN or pattern lock completely.
It's a pretty serious flaw, but it's not likely Xperia Z owners will encounter a lot of people that know this little trick. Sony recently sent out a fix for the random death bug some users were experiencing, but this issue was not known at the time. Looks like Sony has more work to do.