Android vulnerability allowing attackers to easily bypass passwords in lock screens
We like to think our password-protected lock screens will keep our data secure. At the very least it should force thieves to perform a factory reset and keep our private information away from strange hands, right? The truth is this is not always the case. As with any other operating system, Android has its faults, and the guys over at The University of Texas at Austin have discovered a pretty nasty bug that can grant anyone access to certain phones.
The attacker needs no software or coding, nor does he really have to be an experienced tech geek. This is really pretty simple to do, which is why we can’t call it a hack. The good news is that it only affects devices running Android 5.0 to 5.1.1 Lollipop. They also have to be using a password-protected lock screen. In addition, the attacker has to have the phone in his or her possession for some minutes.
How to access Android 5.x devices
This is not rocket science. The idea is pretty much to input so many characters into the password field that the device is overwhelmed, chokes and gives in. But the phone can handle a lot of text, which is why the intruder will need to open up the camera app at the same time (which is also accessible without a password input).
In the video, we see the tester launching the phone app (Emergency Call) and creating a long string of characters by copying and pasting. Once it’s long enough, he switches over to the camera app, pulls down the notification bar and presses on the Settings button. This, of course, will request a password. From there, just keep pasting the same string of characters over and over within the text field. Eventually, the device will not be able to handle the lock screen process and will let the user right in.
Where’s the fix?!
Pretty scary, right? I mean, it was reported only last month that about 18.1% of active Android devices are on Lollipop. That’s a whole lot of us, but we do have good news for you. This vulnerability has already been fixed for devices like the Nexus 4, 5, 6, 7, 9 and 10.
Other large phone makers should be jumping on board relatively soon… or at least we hope so. You know how manufacturers and carriers can drag their feet when taking care of these software updates.
How to protect yourself
Thankfully, we don’t necessarily have to rely on software updates to keep our Android smartphones protected. Just switch over to PIN or pattern unlock methods and you will be fine. These other lock screen protection techniques are not susceptible to this vulnerability.