September 17, 2015

Android vulnerability allowing attackers to easily bypass passwords in lock screens

by John_A

We like to think our password-protected lock screens will keep our data secure. At the very least it should force thieves to perform a factory reset and keep our private information away from strange hands, right? The truth is this is not always the case. As with any other operating system, Android has its faults, and the guys over at The University of Texas at Austin have discovered a pretty nasty bug that can grant anyone access to certain phones.

The attacker needs no software or coding, nor does he really have to be an experienced tech geek. This is really pretty simple to do, which is why we can’t call it a hack. The good news is that it only affects devices running Android 5.0 to 5.1.1 Lollipop. They also have to be using a password-protected lock screen. In addition, the attacker has to have the phone in his/her possession for some minutes.

How to access Android 5.x devices

This is no rocket science. The idea is pretty much to input so many characters into the password field that the device is forced to buffer too much, chokes and gives in. But the phone can handle a lot of text, which is why the intruder will need to open up the camera app at the same time (which is also accessible without a password input).

In the video, we see the tester launching the phone app (Emergency Call) and creating a long string of characters by copying and pasting. Once it’s long enough, he switches over to the camera app, pulls down the notification bar and presses on the Settings button. This, of course, will request a password. From there, just keep pasting the same string of characters over and over within the text field. Eventually, the device will not be able to handle the lockscreen process and will let the user right in.

https://www.youtube.com/watch?t=489&v=J-pFCXEqB7A

Where’s the fix?!

Pretty scary, right? I mean, it was reported only last month that about 18.1% of active Android devices are on Lollipop. That’s a whole lot of us, but we do have good news for you. This vulnerability has already been fixed for devices like the Nexus 4, 5, 6, 7, 9 and 10.

Other large phone makers should be jumping on board relatively soon… or at least we hope so. You know how manufacturers and carriers can drag their feet when taking care of these software updates.

How to protect yourself

Thankfully, we don’t necessarily have to rely on software updates to keep our Android smartphones protected. Just switch over to PIN or pattern unlock methods and you will be fine. These other lock screen protection techniques are not susceptible to this vulnerability.
