If you have an Android phone protected with a password then your phone is not as safe as you think it is. A new and easy way to bypass the password lock is been found. It can be done by just copy-pasting long string of characters.
A bug has been found in Android smartphones running Android Lollipop in which by simply entering a very long password causing the lock screen to crash, you can break into the phone.
How to do it?
The attacker need only enter enough text into the password field to overwhelm the lockscreen and cause it to crash, revealing the home screen and giving full access to the device, whether encrypted or not.
This was discovered by researchers at Texas University in Austin. Around 21% of the Android devices are running on Lollipop which implies that 21% of the phones can be easily attacked by this very simple process.Although Google released a fix for this on Wednesday for Nexus devices, describing the bug as of “moderate” severity,it was not actively being exploited by attackers according to the company’s knowledge.
John Gordon from Texas university said: “By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen.”
How to escape from it for time being?
The attack requires physical access to the smartphone, and cannot be performed remotely. Users worried by the attack can change their lockscreen preferences to a pattern unlock or Pin code, which can be up to 16 characters long, instead of a password.
What to hope for?
After the stage fright security vulnerability, Google, Samsung, LG and other Android smartphone manufacturers recently pledged to release monthly security updates for their latest devices, in an attempt to help prevent this kind of attack being used.
