AUSTIN, TX- The University of Texas, Austin, recently published a research that shows an easy exploit for hackers who want to bypass lock screens of Android devices.
The only requirement is to own a device with a 5.0 to 5.1.1 Android version – except the latest LMY48M build – which needs a password to unlock. Encryption could be enabled or not; it doesn’t really matter.
Here’s what you need to do: First swipe left with your finger to activate the camera. Then go to Settings and wait for the smartphone to request a password. Then start typing random letters until your fingers fall off, or just a ridiculously large string of characters is enough to make the smartphone crash to the home screen.
The report adds:
“At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein,”
Now to save you a bit of time, there are various ways to copy and paste such a large sequence of characters. The University of Texas used the emergency dialling field and started copying-pasting the sequence, adding each time the whole line making it longer and longer. The result was then copied and pasted on the password field.
If you’ve freaked out already, now it is time to calm down. As soon as Google heard about that, it started working on the problem so now the company has rolled out a fix along with its monthly Android security update with build number “LMY48M”.
This one in particular, contained a few more significant bug fixes such as the Stagefright vulnerability. The vulnerability mentioned above has been named “Elevation of Privilege Vulnerability in Lockscreen (CVE-2015-3860)” and the fix has started rolling out for all Nexus phones from 4 to 10.
Though, it could still take up to weeks for the company to reach to all the Android smartphones out there. If you want to play safe until then, just switch your lockscreen into a pattern.
Source: University of Texas blog
Leave a Reply