A group of researchers at Texas University in Austin have discovered a security flaw in mobile phones running Android Lollipop.
What is this security flaw?
This flaw allows anyone to bypass the lockscreen of an Android phone by using a massive password, and expose the home screen, thereby giving full access to the phone and its contents.
How does the attack work?
The attack works by opening the camera app first, pulling down the notification drawer from the top of the screen, and tapping the settings icon in the top-right corner. This prompts the user for the password. The user then has to enter a massive password (an extremely long string of words; could be even ************************). This overwhelms the lockscreen, causing the camera app to crash and exposing the home screen.
Who is vulnerable to this attack?
Android Lollipop (5.0) users who use a PASSWORD to protect their device could be vulnerable to this security bug. PIN or PATTERN locks are not affected. However, it isn’t clear whether the full range of Android Lollipop devices is affected by this bug.
Note: Google has already released the security fix for this bug for its line of Nexus devices. As of now, this fix is yet to be released to other smartphone makers who will then push the update out to their respective customers.
What is the Temporary Fix?
Users can change their lockscreen preference to PIN. They can also switch to PATTERN LOCK, but we do not recommend this, as it’s not a reliable form of security.
To conclude, this attack cannot be performed remotely and requires physical access to the phone, so users whose phones have been lost or stolen are at risk. Just so you know, the Quick Heal Mobile Security app lets you lock your lost/stolen phone with the help of a simple SMS command. Doing this will ensure that your phone is not misused.