How to Hack :
“My concern when I found this…was thinking about a malicious state actor or someone else with temporary access to your phone,” he says. “If, say, you give your phone to a TSA agent during extended screening, they could take something from it or plant something on it without you knowing.
Gordon says he stumbled on the lock screen vulnerability while messing with his phone during a long East Texas road trip. “I’m sitting in the passenger seat, bored, with no signal on my phone, so I start poking around and seeing what unexpected behavior I can cause,” he says. “A few idle hours of tapping every conceivable combination of elements on the screen can do wonders for finding bugs.”
In some respects, this attack may be more of a curiosity than a critical threat. (Google itself labelled the problem as “moderate severity.”) After all, it does require physical access to the phone—rather than allowing a hacker to break into it remotely, like the text-message-based Stagefright exploit.
Even so, those with vulnerable devices should install any available security updates, consider switching from a passcode to a PIN or pattern unlock, and watch where you leave your phone. Now would be an especially bad time to forget it at the bar.