This video demonstrates how to bypass the password screen on an android. If you lose your phone, someone who finds it can use this attack to get around the password you set.https://www.youtube.com/watch?v=X7McMB_Gbj8
This attack requires a phone with an unlocked bootloader. Some phones come with unlocked bootloaders, and on others users do this as part of a rooting process. Future HTC phones, for instance, will come with unlocked bootloaders (https://www.facebook.com/HTC/posts/10150307320018084)
We use a Google Nexus One.
What you see on the right is a live video capture from our Nexus One. We boot the phone into bootloader mode, and boot a recovery image. This image allows us to mount the system and data partions and access a shell on the phone, all without entering the password.
Once we have a shell, we simply replace the gesture.key file with an empty file. This is exactly like booting a computer into a Linux USB stick in order to access the filesystem without knowing the password.