The flaw is the second in a fortnight to affect the lock screen of Android devices.
Advertisement
In other words, you can just paste in a very long string of random characters into the password field, (in the demonstration he uses stars), causing the phone to crach and then unlock.
“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen”, he wrote in a notice published on the university’s website.
These devices will require a software update to fix the bug, but users will have to rely on the manufacturer of the smartphone and their mobile phone operator to roll out the update, rather than Google directly.
‘At this point arbitrary applications can be run or developer access can be enabled to gain full access to the device and expose any data contained therein’.
Once entered, return to the lockscreen and open the camera by swiping left before pulling the notification drawer down from the top of the screen.
Android will then ask for a password before displaying this window, which is when the copied password should be pasted. However, for Google it’s impossible to patch every Smartphone running on Android operating system as there are sheer number of Android Smartphone in the market to fix it all at once.
Samsung, HTC, and LG also promised to work with carriers to deliver monthly updates, signalling that efforts were underway to resolve the problem between Google, devices makers, and carriers of delivering Android security updates to end users.
The USA search giant described the glitch as a “moderate” severity issue.
Advertisement
The vulnerability could not be exploited if people had chosen a lock pattern or Pin code instead of a password. These types of security methods are not affected by the bug and hackers will have to find other ways to open your device. The first option is screen lock.
