A new report by the University of Texas, Austin, has revealed an easy exploit hackers can use to bypass the lock screen of Android devices. The trick works on handsets running any OS version between Android 5.0 to Android 5.1.1 (but not the latest LMY48M build) with a password-based lock, even if encryption is enabled on the device. Google’s latest Android distribution numbers peg the affected handsets at 21 percent of all active Android devices.
According to the study, hackers would first have to swipe left from the handset lock screen to open the camera app and access the ‘Settings’ page from the notifications panel. On tapping the Settings icon, the hacker would see the smartphone asking users to insert a password. The hacker can then dump a sufficiently long string of characters in the field, and as a result, the handset will crash to the home screen. “At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein,” the report adds.
There are a few ways hackers could copy a large string of characters into the Android clipboard, and then paste it into the password prompt. The University of Texas study uses the emergency dialling field, and creates a long list of characters by copy-pasting a small sequence multiple times. The resultant long string can then be copied and pasted on the password prompt.
Fortunately, Google has addressed the particular vulnerability and last week started rolling out a fix as a part of its monthly Android security update with build number ‘LMY48M’, which featured several other fixes including for the Stagefright vulnerability. The fix for “Elevation of Privilege Vulnerability in Lockscreen (CVE-2015-3860)” has started rolling out to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9and Nexus 10. However, it can take weeks or even months for the update to reach all the vulnerable Android devices. For those who want an immediate solution, they can switch to a PIN or pattern-based lock screen.