Android Exploit Leverages Lengthy Password Entry To Bypass Lock Screen

Sourced through Scoop.it from: hothardware.com

The lock screen on your phone might not be as foolproof as you thought. Researchers at The University of Texas at Austin released a demonstration this week of what they say is a vulnerability in mobile devices running Android 5.x. Also known as Lollipop, it is the latest version of Android and runs on many modern phones, including Samsung Galaxy, HTC One and Motorola Moto devices. Phones running the latest version of Android (5.5.1 build LMY48M) are not vulnerable.

Exploiting the “Elevation of Privilege Vulnerability in Lockscreen (CVE-2015-3860)” takes several minutes. Researchers claim that by putting too many characters into the lock screen of the phone while the camera app is active, they can cause the lock screen to crash. That gives them full access to the phone’s home screen, even if encryption is enabled on it.

The process is repetitive and makes for one of the more unexciting videos on the Internet. To open the phone, the attacker copies and pastes characters in the Emergency Dialer until he has a huge number of characters. Then he opens the camera app, followed by the password prompt. Then he pastes the text string into the password field multiple times until the lock screen crashes and the camera app appears full screen. From there, he can enable USB debugging and use the Android Debug Bridge (ADB) tool to access files or issue commands.
