But given Android’s problem of depending on carriers to push out patches to devices, Gordon believes that most of the affected phones remain vulnerable for now.
Advertisement
Do you have an Android device running any 5.x version before the latest 5.1.1, build LMY48M?
Meanwhile, the bug is also reported to only harming the users who are now using Smartphone’s running Google’s Android Lollipop, which uses a secret code to guard their devices.
The flaw in question was discovered by University of Texas researchers and relies on the password field on the lock screen.
This proof of concept video shows the whole process and how involved it is. Unfortunately the effect of that crash is to drop you onto the phones home screen, thus allowing complete access to the phone. The technique is simple, add a substantial amount of characters into the emergency call window and copy the characters into the Android clipboard.
The researcher, John Gordon, has demonstrated how the lockscreen password on a Nexus smartphone can be bypassed. “At this point”, says the post, “it is possible to enable USB debugging normally and access the device to issue arbitrary commands or access the files on the device with the full permissions of the device owner”. By using the camera, the settings pull down menu and prompting the password entry screen the long text string could be pasted into the password box causing it to crash.
We recently told you that Google and some of its third-party manufacturers have pledged to release monthly security fixes for Android devices. Then comes the steps that you can find in the source link below, which involves repeatedly copying asterisks to insane lengths and crashing the lockscreen by pasting that extra long string of stars into the password field.
Very little is truly secure in this digital age, with numerous options out there to crack smartphone lock screens.
Advertisement
Google has rolled out a fix for this vulnerability this week, prior to the University’s public report on the matter, and the patch is already making its way to Nexus devices.
