Researchers at the information security office of the University of Texas in Austin have discovered a new lockscreen vulnerability which affects Android smartphones.
Advertisement
Software bugs that allow attackers to bypass smartphone lockscreens are common enough for both Android and iOS devices, but like a fender bender on the highway, many of us can’t resist the urge to gawk anyway. But given Android’s problem of depending on carriers to push out patches to devices, Gordon believes that most of the affected phones remain vulnerable for now.
For instance, according to SplashData, too many users use passwords that are easy to crack, such as “123456” or “qwerty” and Android lock patterns tend to be dangerously predictable also. From here, hackers could access arbitrary apps or enable developer access on the device to gain full access of the device. But, instead of showing an error message, the phone simply unlocks, Ars Technica reports. The hacker can then dump a sufficiently long string of characters in the field, and as a result, the handset will crash to the home screen.
The hacker then opens the phone’s camera and accesses the options menu at the top of the screen, all while the device is still locked.
Now to save you a bit of time, there are various ways to copy and paste such a large sequence of characters.
This process is then repeated until the attacker can no longer highlight the field with the double-tapping (approximately 11 repetitions).
Advertisement
This causes a password prompt to appear. The vulnerability was discovered in late June, with Google escalating severity from “Low” to “Moderate” by mid-July, after being privately informed on the issue. The researcher only tested the bug on a Nexus device, which Google made a patch available for last Friday in the 5.1.1 release, though over the air updates can take longer to deliver. In a blog post he provides full details of how to exploit the vulnerability, which even works on devices that have encryption enabled.
