Any Android Lollipop device that is not using the latest build of the mobile operating system is vulnerable to having its lock screen bypassed by inputting a long string of characters as password. The bypass was discovered by researchers from the University of Texas this week and can be applied to any Android 5 device that does not have the latest security updates, released last week.
“A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device,” the researchers wrote on the University of Texas blog. “By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen.”
The Texas researchers also included a proof-of-concept video, tested using a Nexus 4 with an Android 5.1.1 factory image:
Google has patched the flaw, but in the meantime it is advised that Android Lollipop users that do not have the latest updates use either a PIN or pattern lock, since neither are vulnerable to the above exploit.
Thank you The Register for providing us with this information.
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…
Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…
Low-profile Keys for an ergonomic gaming experience. With slimmer keycaps and shorter switches, enjoy natural…
Size & style: Ambidextrous lightweight mouse for gaming. Built for speed, control and comfort, with…