A vulnerability allows hackers to bypass an Android lockscreen protected by a password, although PIN and pattern locks are safe.
Another security flaw has been discovered in Android, which apparently allows hackers to easily bypass an Android device’s lock screen, according to research conducted by the University of Texas, Austin. Notably, the flaw is restricted to devices running Google’s latest Android 5.0 to Android 5.1.1 that use a password-based lock, and it applies even if encryption is enabled on the device.
According to the research, swiping left on the handset’s lockscreen allows hackers to open the camera app, through which they can access the ‘Settings’ page from the notifications panel. Once the hacker taps on the Settings icon, the smartphone prompts for the password. The hacker can then enter a sufficiently long password string, which eventually causes a crash that leaves the handset at the home screen.
“At this point arbitrary applications can be run or developer access can be enabled to gain full access to the device and expose any data contained therein,” says the report.
The video below demonstrates exactly what happens. It all starts by punching in a large number of characters on the emergency call screen and then copying it to the Android clipboard. The hacker then swipes the camera icon from the locked screen, gets access to the options menu, and then pastes a long string of characters in the password prompt, which eventually unlocks the handset.
The flaw has apparently been fixed in the latest Android 5.1.1 build, “LMY48M”, released last week for all Nexus devices. However, as we all know, some devices never receive OTA security patches, so many users will be left vulnerable to the flaw. These users are advised to switch to a PIN or pattern-based lockscreen, neither of which is vulnerable to such hacks.
Fortunately, only a small number of handsets have been affected by the flaw. Google’s latest Android distribution figures, however, indicate that 21 percent of all Android devices have been affected by this vulnerability.