News
News Categories

Attackers could bypass Android lock screens with a large-enough password

By Koh Wanzi - on 17 Sep 2015, 5:15pm

Attackers could bypass Android lock screens with a large-enough password

Android Lollipop devices could be vulnerable to a newly discovered exploit that lets attackers into phones by crashing users' lock screens with a large-enough password. (Image Source: Google Blog)

If you’re keeping up to date with mobile security news, it may look as if an exploit is being discovered every other day. Experts at the University of Texas have apparently discovered a way to crash Android lock screens by crashing it with an extremely long password, effectively giving attackers a free pass to rifle through your device’s data.

Long story short: It involves entering the Emergency Call dialer, continually copying and pasting strings of characters into the field, and then pasting it again into the password prompt when the camera app is open.

The exploit affects most versions of Android Lollipop, but there’s actually less cause for concern than you think. For one, you’ll have to be using a password-protected lock screen for the exploit to be effective. This means that folks who lock their phones with a PIN code or pattern are in the clear. And of course, it requires an attacker to actually get hold of your device.

Still, that’s no reason to be entirely flippant about it. While a fix has already been rolled out to Google’s Nexus devices, other manufacturers are probably still lagging behind, despite pledges from companies like LG to push out security updates more promptly.

So if you don’t own a Nexus device, maybe it’s time to err on the side of caution and make sure your Android phone is protected by something other than a password.

Source: University of Texas via Engadget

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.