New Android 5 hack renders password protection useless
Vuln discovered by University of Texas researchers crashes UI and grants access to device
It has been discovered that Android devices running version 5 of the operating system, Lollipop, are vulnerable to a bypass attack that crashes the lockscreen, rendering password protection useless.
According to researchers at the University of Texas at Austin, the vulnerability affects users of Android 5 Lollipop who are using passwords to protect their devices. Users using patterns or PIN locks are not affected by this vulnerability, the researchers said.
However, the researchers added that it should be a worry for users who use password protection, as the attack is relatively simple to carry out.
“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein,” the researchers wrote in a post on the University of Texas website.
It starts with the attacker opening up the Emergency Call screen on the phone. From there, the attacker should enter a long number with lots of characters. The researchers said that this could be made simpler by starting with 10 asterisks, and then copy-and-pasting those characters until it is no longer possible to type anything else into the field. Then they need to select all and copy.
From here, attackers can go back to the homescreen and open the camera app on the device. Then they can swipe down to bring up the notifications drawer, which also has a Settings button. Tapping on the Settings button opens up a password prompt. In here, the attacker just needs to paste the characters copied from the Emergency Dialler screen.
After repeated tries, the user interface will crash, with the camera displayed in full-screen mode. Afterwards, the camera will also crash, bringing up the main homescreen. From here, the attacker will have full access to the device.