If you are an Android user running Lollipop and rely on a password instead of a Personal Identification Number (PIN), fingerprint or pattern lock to protect your device, you should consider switching to another security measure, because you are not safe at all.
Technology researchers at the University of Texas in Austin, United States, have found an incredibly easy way to crash the lock screen of the device and gain access to it without wasting time.
According to Tech Spot, the vulnerability in Android Lollipop 5.0 through 5.1.1 (before build LMY48M) requires an attacker to have physical access to a device that is using a password as its security measure.
As the demonstration video below shows, the attacker opens the emergency call window, enters many characters (such as asterisks), then copies and pastes the string repeatedly until it is very long.
The attacker then heads back to the lock screen, swipes left to open the camera, swipes to open the notification drawer and taps the settings icon. This automatically loads a password prompt for the attacker.
From there, it is just a matter of the attacker pasting the character string as many times as possible. This will crash the user interface of the device. After that, the attacker will have access to what you think you have secured.
Therefore, it is simply advisable to avoid using a password on the lock screen and instead, rely on a PIN, fingerprint or pattern lock.
In June this year, the researchers were said to have privately reported the vulnerability to Google’s Android security team. On July 1, the vulnerability was confirmed and assigned a low severity rating, which was bumped up to moderate a couple of weeks later.
Recently, all of Google’s official Android 5.x releases for its Nexus line of devices (Nexus 4, 5, 7, 9 and 10) were also plagued by a memory leak issue. The Android 5.1.1 build LMY48M was released on September 9 and contains a fix for Nexus devices.
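To triage devices against the range given above (5.0 through 5.1.1, before build LMY48M), the following added example, which is not from the original article or the researchers, classifies a device from its release and build ID. It assumes build IDs on the LMY branch sort in release order when compared as strings; the function name and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device against the affected range in the article.
# On a connected device the two inputs can be read with:
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.id

FIXED_BUILD="LMY48M"   # fix build named in the article

# lockscreen_status RELEASE BUILD_ID
# Prints: out-of-range | in-range | fixed | unknown
lockscreen_status() {
    # adb output often carries a trailing carriage return; strip it.
    release=$(printf '%s' "$1" | tr -d '\r')
    build=$(printf '%s' "$2" | tr -d '\r' | tr '[:lower:]' '[:upper:]')

    case $release in
        5.0|5.0.*|5.1|5.1.0) echo in-range; return 0 ;;  # older than 5.1.1
        5.1.1) ;;                                         # decided by build ID
        *) echo out-of-range; return 0 ;;                 # not Lollipop
    esac

    # Only builds on the same branch as the fix build are comparable
    # (assumption: same-branch IDs sort in release order as strings).
    case $build in
        LMY[0-9][0-9][A-Z]*) ;;
        *) echo unknown; return 0 ;;   # vendor or other branch: check patch notes
    esac

    if LC_ALL=C expr "x$build" \< "x$FIXED_BUILD" >/dev/null; then
        echo in-range
    else
        echo fixed
    fi
}

# Constructed sample inventory (name, release, build ID); not real devices.
while read -r name release build; do
    printf '%s\t%s\n' "$name" "$(lockscreen_status "$release" "$build")"
done <<'EOF'
dev-01 5.0.2 LRX22G
dev-02 5.1.1 LMY47X
dev-03 5.1.1 LMY48M
dev-04 5.1.1 VENDOR123
dev-05 6.0 MRA58K
EOF
```

A result of `in-range` means the build falls inside the range the article gives, not that the bypass is reproducible on that device; `unknown` builds need the vendor's own patch information.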
This Article (Android 5.x Lock Screen Can Be Unlocked Using Long Password [Video]) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com
It didn’t work on my phone, I couldn’t paste the password.
Same here, I think most of the Android phones have this Copy + Paste function disabled on the passwords.
This will not work on most phones because many have copy + paste disabled and no notification pulldown before the phone is unlocked. If both of those work you can probably disable the camera from lock screen and use an applock on the settings app.
Well, I believe most Android users use pattern lockscreen.
I think it should be before Build no. LMY48N
Instead of LMY48M.
Sounds like a simple overflow error, doubt the devs thought anyone would try to overflow the password string.
I tried it on my phone but the notification drop down was not enabled, so it’s not possible on every smartphone.
Good information, but there’s a typo in the first parapgraph. You guys need an editor.
And a typo in my comment. Lol. I stand corrected.