Android 5 Lockscreen Flaw Fixed
Thursday, September 17, 2015 @ 04:09 PM gHale
Google fixed a lockscreen bypass vulnerability for mobile devices running any Android 5 version, which an attacker could easily exploit, researchers said.
The attacker would need to have physical access to your device in order to execute the attack.
“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein,” John Vernon Gordon III, a senior network security analyst at the University of Texas at Austin Information Security Office (ISO).
Google is aware of the flaw and fixed it in Android 5.1.1 build LMY48M pushed out a week ago.
The problem of other OEMs and device makers slowly shipping patches is not as big a problem because users can change their password into a PIN or pattern to be safe from such an attack.