'Massive passwords can bypass Android lock screen'

September 16, 2015 08:49 pm | Updated October 22, 2016 10:05 am IST

Google released a fix for the security hole for its line of Nexus devices, describing the bug as of “moderate” severity.

Smartphones running Android Lollipop can be unlocked by entering a very long password, which causes the lock screen to crash.

The vulnerability, discovered by researchers at Texas University in Austin, potentially affects >21% of Android devices in use and requires the attacker to simply overload the lockscreen with text.

The bug affects only those users with smartphones running Google’s Android Lollipop using a password to protect their devices. Pin or pattern unlock are not affected.

The attacker needs to enter enough text into the password field to overwhelm the lockscreen and cause it to crash, revealing the homescreen and giving full access to the device, whether encrypted or not.

“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen,” John Gordon from Texas University said.

Google released a fix for the security hole on Wednesday for its line of Nexus devices, describing the bug as of “moderate” severity and saying that, to the company’s knowledge, it was not being actively exploited by attackers.

The researchers demonstrated the attack on a Google Nexus 4; it required the attacker to use the emergency call function to copy hundreds of characters to the clipboard.

About 20% of the billion Android devices across the world run Google’s latest version, called Lollipop, including new devices from Samsung, LG and Sony.

These devices will require a software update to fix the bug, but users will have to rely on the manufacturer of the smartphone and their mobile phone operator to roll out the update, rather than Google directly.

The attack requires physical access to the smartphone, and cannot be performed remotely. Users worried by the attack can change their lockscreen preferences to a pattern unlock or Pin code, which can be up to 16 characters long, instead of a password.

After the Stagefright security vulnerability, Google, Samsung, LG and other Android smartphone manufacturers recently pledged to release monthly security updates for their latest devices, in an attempt to help prevent this kind of attack being used.
