Android Lock Screen Vulnerability
If you are running the Google Android Lollipop mobile operating system and use a password to lock your phone, then your phone could be hacked. Ars Technica describes exactly how to bypass the lock screen:
“The technique begins by adding a large number of characters to the emergency call window and then copying them to the Android clipboard. (Presumably, there are other ways besides the emergency number screen to buffer a sufficiently large number of characters.) The hacker then swipes open the camera from the locked phone, accesses the options menu, and pastes the characters into the resulting password prompt. Instead of returning an error message, vulnerable handsets unlock.”
Android Lollipop is version 5.0 through 5.1.1 (current). A security analyst at the University of Texas is credited for the discovery. The University of Texas details exactly how to complete this hack.
PC World and The Register are both reporting that if you own a Nexus device and installed Google’s latest update, then you will have patched the vulnerability. The vulnerability is fixed in the 5.1.1 build LMY48M. Unfortunately as Wired reports, “due to the carrier’s inability to get patches out to the devices in a timely manner, then most devices are still vulnerable.”
If you are an Android user currently that uses a password and does not own the most up-to-date build of Lollipop 5.1.1 on a Nexus device, then you are likely still vulnerable. I would suggest you change to either a PIN or Pattern on your lock screen. The vulnerability is only for a password, so until your device gets the update, then this will protect your phone.
Hopefully in the future these carrier’s will have developed a method to roll out these updates in a timely manner to avoid these issues. There currently isn’t a timeline of when your device could get this update.
For future news regarding this vulnerability or other Android tips and issues, please visit Greenbot. This will be a great starting point as to if or when you can expect this issue to be patched on your device.