The security flaw with Android Lollipop was discovered by security researchers with the University of Texas, Austin and demonstrated on a Nexus 4 smartphone. By doing this the attacker is able to crash the lock screen and gain access to the home screen. And by using that access to enable developer mode, he says that an attacker could also connect to the phone via USB and install malicious software.
“Luckily this behavior is only present in the password lockscreen, an uncommon configuration, so people using a PIN or pattern locks are likely safe”, Gordon said. But given Android’s problem of depending on carriers to push out patches to devices, Gordon believes that most of the affected phones remain vulnerable now.
According to the blog post’s step-by-step instructions, users can replicate the bug by typing a selection of random characters into the password field before selecting and copying them.
As seen in the clip above, one needs to open the emergency call window, enter in a bunch of characters (such as asterisks), then copy and paste the string repeatedly until it’s very long.
The newly-detected Android lockscreen vulnerability gives hackers the ability to gain full access to the smartphones of Android users and circumvent the password lockscreen entirely.
But this approach to bypassing an Android lock screen, uploaded to YouTube by jgor null yesterday, is remarkably straightforward.
Basically, any user that protects their Android Lollipop-run smartphone with a password screen are at risk of being easily hacked.
In July, for instance, mobile security company Zimperium announced the discovery of the Stagefright flaw, which allows attackers to exploit Android’s media library to deliver malicious code to a device.
Google responded to this vulnerability by saying “we have not detected customer exploitation of the newly reported issues”, on a recent security bulletin. The vulnerability was discovered in late June, with Google escalating severity from “Low” to “Moderate” by mid-July, after being privately informed on the issue. Other manufacturers often modify their lock screens and camera apps.
0 comments:
Post a Comment
What's On Your Mind?