Previous Story
Android vulnerability allows lock screen bypass
Posted On Sep 18 2015
Comment: Off
The vulnerability could not be exploited if people had chosen a lock pattern or Pin code instead of a password. Hence, these users are advised to switch to a PIN or pattern based lockscreen, neither of which are vulnerable to such hacks.
A weakness in the Android 5 lock screen has been discovered by researchers at the University of Texas at Austin.
Only users of Nexus 4, 5, 6, 7, 9, and 10 are exempted from this theft as these phones have the patch files necessary to protect them from hackers.
It works by overloading the password field with characters while the camera is active.
However, Engadget included in its report that smartphone manufacturers are getting more effective and efficient on coming up with mobile features that address timely security fixes and avoid related glitches and bugs.
After researchers revealed the widespread Stagefright bug in August, Google vowed to release security patches on a regular, monthly cycle, the first of which came on September 9.
There’s an easy way to bypass the lockscreen in devices running Android 5.0 Lollipop – at least, those which have not yet received the latest security update. Then start typing random letters until your fingers fall off, or just a ridiculously large string of characters is enough to make the smartphone crash to the home screen.
According to one of their recent discoveries, there’s a bug that affects 21 percent of Android devices in use and it basically allows anyone to unlock your password-protected device by bypassing the lock screen with an extremely lengthy password.
“You have substantial access just from the crash to the home screen, you can run any app you want”.
The attacker can then “navigate to the settings application by any means possible” and, “at this point, it is possible to enable USB debugging normally and access the device via the adb tool to issue arbitrary commands”. The Stagefright flaw continues to bedevil Google, which has yet to address all of the vulnerabilities that researchers have found with the media library.
