Massive Android security vulnerability revealed

Similarly, Google’s Nexus devices and Samsung’s smartphones will also benefit from monthly patches meant to guarantee their users’ safety. That’s certainly a serious bug, and something that would be a real problem if it was out there unpatched.

Software bugs that allow attackers to bypass smartphone lockscreens are common enough for both Android and iOS devices, but like a fender bender on the highway, many of us can’t resist the urge to gawk anyway. But that’s all due to a fundamental misunderstanding of how Android works.

The vulnerability, discovered by researchers at Texas University in Austin, potentially affects 21% of Android devices in use and requires the attacker to simply overload the lockscreen with text. Just switch over to PIN or pattern unlock methods and you will be fine.

With that stored, the hack involves the opening of the camera, from the lock screen.

Unfortunately according to the University of Texas’ information security office, it would seem that even having a PIN would be useless against a newly discovered lockscreen vulnerability. Paste your characters which you had copied into the password prompt that will pop out. “As the number of characters grows it causes the lockscreen process to become sluggish and eventually crash, leaving the home screen exposed”. Within 10 minutes, the lock screen will crash and you will have complete access to the device. He said he was then able to navigate to the settings application and enabled USB debugging and access the device via adb.

Google later elevated it to a moderate severity issue and has since issued a fix for the flaw, under the build number LMY48M, but this fix only applies to its own range of Nexus devices.

As a result, attempting to follow the bypass steps on recently upgraded Android devices now returns an error message. What these hysterical warnings fail to take into account is that none of those phones were vulnerable in the first place. Unfortunately a flaw in Android Lollipop makes it possible to get through with nothing but a bunch of gibberish. All other OEMs have modified lock screens and camera apps. Then tap once in the field and tap paste, doubling the characters in the field.

Very little is truly secure in this digital age, with numerous options out there to crack smartphone lock screens. Don’t believe the hype.