Android security flaw lets attackers in using a large password

Moto G 2015

There have been plenty of security holes involving mobile device lock screens, but a recently discovered Android flaw may give you more reasons than usual to be cautious. The technique bypasses the lock screen on most versions of Android Lollipop by crashing it with any large-enough password — all you need to do is work with that text while the camera app is open, and then enter it into the password prompt. When the attack works, you have as much access as the hardware’s rightful owner.

The exploit has already been fixed through a security update for Google’s Nexus devices, and it doesn’t work if you’re using either a PIN code or a pattern unlock. The odds that you’ll fall prey to this attack aren’t high, folks. Even so, there are a few reasons to be concerned. While Android device makers are getting better about timely security fixes, you may be stuck with hardware that either gets its patch late or not at all. And if you’re vulnerable, you may have to switch to a more predictable unlock method just to avoid the glitch. While this isn’t the end of the world by any stretch, it’s not exactly comforting.

Filed under:
,

Comments

Via:
Ars Technica

Source:
University of Texas

Tags: android, exploit, lockscreen, lollipop, mobilepostcross, security, smartphone, universityoftexas, video

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On