Lock Screen Flaw – Android Lollipop
Researchers at University of Texas have found a security flaw in the latest version ofAndroid Lollipop,which enables users to evade the lock screen on mobile devices.
They have discovered that on attempting to unlock the phone or tablet with an unusually long password,tends to cause the lock screen to crash in some conditions. In the most recent version of the mobile operating system, the Lock Screen Flaw was restricted to Android Lollipop. Recently, Google had issued a patch for its Nexus devices.
Around 21% of Android users tend to run the Lock Screen Flaw affected version of the operating system. The researchers were able to access the phone’s data and apps after crashing the lock screen. This vulnerability is unable to be exploited if the user tends to choose a lock pattern or Pin code rather than a password. While Google came out with its fix for Nexus, several other developers had been responsible in distributing the software with their handsets.
Google had mentioned, at the time of releasing the patch that it had not yet perceived anyone manipulating the Lock Screen Flaw. Users having an Android 5 smartphone with the very latest version of Lollipop on it, need to use a PIN or pattern in order to secure their lock-screen since there could be some evasion in its password protection.
Too Many Characters – Kills Security Mechanism
The details of the vulnerability had been published by the University of Texas researchers recently enabling the culprits to evade lock-screens on Android 5 devices unless they had been patched totally to 5.1.1 version inclusive of the recent security updates.
The researchers have written that `on manipulating an adequate large string in the password field when the camera app tends to be active, an attacker is capable of destabilizing the lock-screen thereby resulting it to crash to the home screen’.
By editing in too many characters, one tends to kill off the security mechanism thereby obtaining full access to the device and inspite of its file system being encrypted, the culprits can exploit this to run any application or enable `app’ developer access to the device. This outbreak tends to work only if the gadget seems to have a lock-screen password set, according to the researchers and the attack does not work against pattern or PIN setups.
Remote Wipe & Find My Phone Features
Google has patched the Lock Screen Flaw and Nexus users who have installed the patch themselves can protect themselves while the others would have to wait for their network carrier to release the updates over the air. T-Mobile US for one has started doing this already.
Since Android users are particularly slow in updating their phones, it would be some time before the security update tends to get installed since Android depends on phone carriers in order to push those updates out. However, one thing which does not change is that if a device is in an attacker’s hand, it probably would be as good as compromised and hence it is essential to protect devices with remote wipe and find my phone features or a simple pass code would not be likely to dissuade culprits.
