Lock screen flaw found in Android

After finding out about the security hole, Google promptly released a fix for its Nexus devices, describing the vulnerability as of “moderate” severity.

For instance, according to SplashData, too many users use passwords that are easy to crack, such as “123456” or “qwerty”, and Android lock patterns tend to be dangerously predictable too.

They found that trying to unlock the phone or tablet with an abnormally long password caused the lock screen to crash in certain conditions. After this, any app can be run and developer access can be enabled to acquire complete control of the device and misuse whatever sensitive data it might hold.

However, John Gordon, security analyst at the University of Texas, said that for the technique to succeed, the camera application has to be active throughout the procedure.

The issue is limited to phones that use a password rather than a PIN or pattern. Unfortunately, a flaw in Android Lollipop makes it possible to get through with nothing but a bunch of gibberish. The resultant long string can then be copied and pasted into the password prompt. Then go to Settings and wait for the smartphone to request a password.

Google released a patch for its Android operating system last week, which contained a fix for the bug CVE-2015-3860.

Fortunately, the vulnerability was introduced in version 5, so the number of affected handsets is only a small fraction of the overall Android user base.

Google responded to this vulnerability by saying “we have not detected customer exploitation of the newly reported issues” in a recent security bulletin. With some 1 billion Android smartphones, tablets and other devices in use around the world, that’s great.

Approaches to breaking through lock screens on phones are numerous, many merely involving an SD card with the right hack installed on it. Following the Stagefright bug, which sent malware to phone systems via MMS videos, LG promised to offer its users monthly updates. You need that text field because the hack relies on pasting text into that field to crash the lock screen.