According to experts, the Android Lockscreen for devices using Lollipop 5.0 or 5.1 can easily be bypassed using a simple method. This shows that mobile phone users aren’t as safe as they had expected when protecting their gadgets with passwords.
The bug was revealed by John Gordon, security analyst at the information security office from the University of Texas. The method requires the hacker to add a large, random string of characters within the emergency call dial pad. That data is copied and stored within the phone’s clipboard and afterwards the attacker opens the camera app.
Upon trying to access the options menu, a password prompt appears. When the large text memorized in the clipboard is pasted there, the lockscreen crashes and the phone is unlocked. The hacker now has complete access to the phone and its contents, to the same degree as the rightful owner.
The vulnerability affects most of the smartphones using an Android Lollipop version, which represent more than 20% of the market. The bug was reported in late June, and Google has already addressed this moderate-severity vulnerability with a security update for Nexus 4, 5, 6, 7, 9 and 10.
As a result, attempting to follow the bypass steps on recently upgraded Android devices now returns an error message . This may not necessarily be such comforting news to users who may receive the patch with delay or fail to install it entirely. Sometimes these security patches are available to the general public after several months or years.
Devices running versions 5.0 to 5.1.1. will unlock if this software bug is exploited, unless they have been updated recently. Overall, the chances of being a victim of this attack are slim, but this exposed glitch may cause some clients to switch to other security methods, which aren’t so reliable either.
For instance, according to SplashData, too many users use passwords that are easy to crack, such as “123456” or “qwerty” and Android lock patterns tend to be dangerously predictable also.
77% of these visual codes start from one of the four corners of the screen, and 44% of the users prefer the top left one, revealed a study conducted by Norwegian University of Science and Technology graduate Marte Løge.
Lately, major companies have introduced more frequent security measures in order to safeguard their clients’ private information. Following the Stagefright bug, which sent malware to phone systems via MMS videos, LG promised to offer its users monthly updates.
Similarly, Google’s Nexus devices and Samsung’s smartphones will also benefit from monthly patches meant to guarantee their users’ safety. However, the actual timeliness of these updates depends on how fast carriers provide them to their subscribers.
Image Source: Flickr