Android’s 5.x Lock Screen may be bypassed by attackers

download mod apk

Android devices may be protected by a lock screen which requires some form of authentication before access to most phone features, its settings and the data stored on it is granted.

Users may protect the phone by password, pin or pattern for example, and there are other means of protection available as well, for instance by using Bluetooth device authentication or unlocking it based on locations you are in.

If you have set a password on your Android device and you are running Android 5.x, your phone is vulnerable to a lockscreen bypass attack.

The attack itself is surprisingly easy to carry out:

mod apk
  1. Open the Emergency Call screen on the phone.
  2. You need to enter a long number there with lots of chars. The researchers suggested to start with 10 asterisks and then doubling these characters using copy and paste until this is no longer possible (the field is not highlighted anymore).
  3. Go back to the homescreen afterwards and open the camera application on the device.
  4. Swipe down to display the notifications drawer and tap on  settings. This opens a password prompt automatically.
  5. Paste the same characters that you used in the Emergency Dialer into the password field. Repeat this process until the UI crashes (the buttons at the bottom of the screen disappear and the camera is displayed fullscreen.
  6. The camera will crash eventually as well and the homescreen is displayed. The phone is unlocked and you have full access to all apps and data on it.

android lock password bypass attack

This attack works only if a password is used to protect the Android device. It won’t work with pattern or pin locks. If you are using a password-based lock currently you may want to switch to pin or pattern-based instead for the meantime to protect your device from this attack.

The following video demonstrates the attack.

[embedded content]

The Android developers have fixed the issue already but it takes time before the fix lands on affected devices.

Attackers need to have physical access to the device to carry out the attack. While that is a limitation, it is still recommended to not use password-based locks on Android 5.x devices until the vulnerability has been patched on affected devices.

Summary

Article Name

Android’s 5.x Lock Screen may be bypassed by attackers

Author

Martin Brinkmann

Description

Android 5.x devices may be vulnerable to a lockscreen bypass attack if a password is used to protect the device from unauthorized access.

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+

You are here: Home > Google Android > Android’s 5.x Lock Screen may be bypassed by attackers

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.