The hack was proven on a Nexus phone, but in theory it could affect ANY Android Lollipop device
ANDROID users should be careful not to misplace their smartphones until they're sure they have updated to the latest version of Lollipop, as a university researcher has revealed an EASY hack for the devices.
Android Lollipop smartphones can be unlocked with a simple hack, a security researcher from the University of Texas has claimed.
The researcher, John Gordon, has demonstrated how the lockscreen password on a Nexus smartphone can be bypassed.
In a nutshell, the attack is triggered by overloading the password field with characters while the camera is active – this causes the lockscreen to crash and revert to an unprotected home screen.
After the attack has taken place, the hacker has full access to your apps, settings and any data stored on the device.
It's worth noting that for this hack to work, the attacker needs to have the smartphone in his or her hands and the smartphone needs to be using a password, rather than a pattern or PIN code.
If the Android device meets these criteria, it is possible to gain access to the device by opening the emergency dial keypad and filling the input field with a slew of random characters, like asterisks.
After copying the overly long assortment of characters, the hacker must return to the lock screen and swipe to open the camera.
Another swipe from the top of the display exposes the Quick Settings menu. Clicking on the Settings Cog in the top-right of this dropdown will try to launch the full Settings app.
Android will then ask for a password before displaying this window, which is when the copied password should be pasted.
This takes multiple attempts – but after enough characters are pasted in the field the window reboots to the camera.
The camera then sits idly focusing for a staggering seven minutes in the video before the system crashes and reverts to an unlocked home screen.
Google released a patch for its Android operating system last week, which contained a fix for the bug, CVE-2015-3860.
The US search giant described the glitch as a “moderate” severity issue.
The bug could theoretically now be used by any attacker on a Nexus device that has yet to be patched.
Texas University researcher John Gordon first reported the bug to Google and received a $500 reward for his trouble.