Android Lollipop Users Vulnerable to Massive Password Hack Attack

  • 1
    Share

A group of researchers at Texas University in Austin, have discovered a security flaw in mobile phones running the Android Lollipop version.

Android Lollipop Users Vulnerable to ‘Massive Password Hack’ Attack

What is this security flaw?
This flaw allows anyone to bypass the lockscreen of an Android phone by using a massive password, and expose the home screen, thereby giving full access to the phone and its contents.

How does the attack work?
The attack works by opening the camera app first, pulling down the notification drawer from top of the screen, and tapping on the settings icon on the top-right corner. This will prompt the user for the password. Now, the user has to enter a massive password (an extremely long string of words; could be even ************************). This will overwhelm the lockscreen, causing the camera app to crash, exposing the home screen.

Who all are vulnerable to this attack?
Android Lollipop (5.0) users who use PASSWORD to protect their device could be vulnerable to this security bug. PIN or PATTERN locks are not affected. However, it isn’t clear whether all range of Android Lollipop devices are affected with this bug.

Note: Google has already released the security fix for this bug for its line of Nexus devices. As of now, this  fix is yet to be released to other smartphone makers who will then push the update out to their respective customers.

What is the Temporary Fix?
Users can change their lockscreen preference to PIN. They can also switch to PATTERN LOCK, but we do not recommend this, as it’s not a reliable form of security.

To conclude, this attack cannot be performed remotely, and requires physical access to the phone; in which case, a user who has had their phone lost/stolen are at risk. Just so you know, Quick Heal Mobile Security app lets you lock your lost/stolen phone with the help of a simple SMS command. Doing this will ensure that your phone is not misused.

If you think this post is helpful, share it with your friends, family members, and acquaintances. If you wish to receive such alerts and security tips directly to your inbox, then click here to subscribe to our blog.

Source:
https://www.dailymail.co.uk
https://www.theguardian.com

Rajiv Singha

Rajiv Singha

31 Comments

Your email address will not be published.

CAPTCHA Image

  1. Avatar prateek choudharySeptember 30, 2015 at 10:36 AM

    I disagree to that , android has an option of total 8 different along with the newly introduced fingerprint scanner , the only way i can think of getting past the lock screen is if someone resets the software itself without touching the internal SD data . That is easy . But your theory is wrong & i can prove this with my current handset , Also in your Blog you have not mentioned what android lollipop version it has been affected . I guess you need to research this a bit further .

    Reply
    • Rajiv Singha Rajiv SinghaOctober 1, 2015 at 10:37 AM

      Hi Prateek,

      Thank you for the comment. The blog post addresses the concern that is related to a security bug in the PASSWORD lock mode. And the finger print scanner is a functionality not present in all Lollipop devices. Hence, our only intention was to give a heads-up to our users about this so that they can be on a safer side. As far as the attack is concerned, this is how it is performed – https://youtu.be/J-pFCXEqB7A

      Regards,

      Reply
      • Avatar Prateek ChoudharyOctober 1, 2015 at 11:56 PM

        Rajib,

        If you have noticed the video ,carefully not all functionality is open , even when adb is enable but when you connect the usb cable it will again ask for the passcode also the settings window will hang , I have tried with 3 versions of lollipop & the only affected version device i have noticed is Code name Mako also known as nexus 4 with 5.0.0 the unaffected versions are 5.0.2 & 5.1.1 . By the way your quickheal security app is only working till it has a working sim & a signal in it . remove the sim card & remove the app via ADB pull command your security app is disabled . Hence even with your security app its not full proof . I still feel you need more research on this .

        Reply
  2. Avatar suman kumarOctober 1, 2015 at 3:43 PM

    please informed me when any problem persuing on my laptop due to virus

    Reply
  3. Avatar PARITOSH SANGHAVIOctober 1, 2015 at 5:02 PM

    USE JUST APPLE PHONE …. THE IOS SYSTEM AS IT IS BETTER THAN ANDROID

    Reply
  4. Avatar jkmeenaOctober 1, 2015 at 7:59 PM

    please give some more information

    Reply
  5. Avatar Avishek MondalOctober 1, 2015 at 8:19 PM

    thanx for the post really helpful

    Reply
  6. Avatar RohitOctober 2, 2015 at 11:17 AM

    Nice this

    Reply
  8. Avatar G vijaysen varmaOctober 3, 2015 at 7:38 AM

    TQ For quick heal team

    Reply
  9. Avatar JitENdeR kumarOctober 3, 2015 at 10:54 AM

    Vary gud

    Reply
  10. Avatar aquib shaikhOctober 3, 2015 at 3:27 PM

    Nice version

    Reply
  11. Avatar aquib 4October 3, 2015 at 3:29 PM

    Very nice version

    Reply
  12. Avatar prasad pathariOctober 3, 2015 at 5:44 PM

    Thanku Quickheal

    Reply
  13. Avatar Guru DayalOctober 3, 2015 at 8:53 PM

    Good

    Reply
  14. Avatar PrajjwalpandeyOctober 4, 2015 at 10:41 AM

    It’s nice to uses

    Reply
  15. Avatar Lalit kumarOctober 4, 2015 at 1:35 PM

    Nice

    Reply
  16. Avatar HarshilOctober 4, 2015 at 2:29 PM

    Tnx fr the info

    Reply
  17. Avatar Vidya GaikwadOctober 4, 2015 at 3:30 PM

    Nice..

    Reply
  19. Avatar Vitthal patilOctober 4, 2015 at 5:35 PM

    Good

    Reply
  20. Avatar sagar shindeOctober 5, 2015 at 12:55 AM

    Good

    Reply
  21. Avatar sagar shindeOctober 5, 2015 at 12:56 AM

    Nice

    Reply
  22. Avatar Debasis DasOctober 5, 2015 at 1:30 PM

    good

    Reply
  23. Avatar PrajjwalpandeyOctober 5, 2015 at 6:37 PM

    It’s to nice for use.

    Reply
  25. Avatar sanjeev topnoOctober 9, 2015 at 11:38 AM

    very nice

    Reply
  26. Avatar kashishkashishsetgOctober 27, 2015 at 7:51 PM

    It’s is not use to me this lock

    Reply
  28. Avatar santhoshDecember 19, 2015 at 6:23 PM

    Niceeee

    Reply

This website uses cookies to ensure you get the best experience on our website. Learn more