Android 5 Lockscreen Flaw Fixed

Thursday, September 17, 2015 @ 04:09 PM gHale

Google fixed a lockscreen bypass vulnerability for mobile devices running any Android 5 version, which an attacker could easily exploit, researchers said.

The attacker would need to have physical access to your device in order to execute the attack.

Google Search Console as Hacker Tool
Tough Ransomware Targets Android
Zero Day Flaws in Browsers for Android
Google Patches Android Mediaserver Flaw

“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein,” John Vernon Gordon III, a senior network security analyst at the University of Texas at Austin Information Security Office (ISO).

Google is aware of the flaw and fixed it in Android 5.1.1 build LMY48M pushed out a week ago.

The problem of other OEMs and device makers slowly shipping patches is not as big a problem because users can change their password into a PIN or pattern to be safe from such an attack.