A group of researchers at Texas University in Austin, have discovered a security flaw in mobile phones running the Android Lollipop version.
How does the attack work?
The attack works by opening the camera app first, pulling down the notification drawer from top of the screen, and tapping on the settings icon on the top-right corner. This will prompt the user for the password. Now, the user has to enter a massive password (an extremely long string of words; could be even ************************). This will overwhelm the lockscreen, causing the camera app to crash, exposing the home screen.
Who all are vulnerable to this attack?
Android Lollipop (5.0) users who use PASSWORD to protect their device could be vulnerable to this security bug. PIN or PATTERN locks are not affected. However, it isn’t clear whether all range of Android Lollipop devices are affected with this bug.
Note: Google has already released the security fix for this bug for its line of Nexus devices. As of now, this fix is yet to be released to other smartphone makers who will then push the update out to their respective customers.
What is the Temporary Fix?
Users can change their lockscreen preference to PIN. They can also switch to PATTERN LOCK, but we do not recommend this, as it’s not a reliable form of security.
To conclude, this attack cannot be performed remotely, and requires physical access to the phone; in which case, a user who has had their phone lost/stolen are at risk. Just so you know, Quick Heal Mobile Security app lets you lock your lost/stolen phone with the help of a simple SMS command. Doing this will ensure that your phone is not misused.
If you think this post is helpful, share it with your friends, family members, and acquaintances. If you wish to receive such alerts and security tips directly to your inbox, then click here to subscribe to our blog.
I disagree to that , android has an option of total 8 different along with the newly introduced fingerprint scanner , the only way i can think of getting past the lock screen is if someone resets the software itself without touching the internal SD data . That is easy . But your theory is wrong & i can prove this with my current handset , Also in your Blog you have not mentioned what android lollipop version it has been affected . I guess you need to research this a bit further .
Thank you for the comment. The blog post addresses the concern that is related to a security bug in the PASSWORD lock mode. And the finger print scanner is a functionality not present in all Lollipop devices. Hence, our only intention was to give a heads-up to our users about this so that they can be on a safer side. As far as the attack is concerned, this is how it is performed – https://youtu.be/J-pFCXEqB7A
If you have noticed the video ,carefully not all functionality is open , even when adb is enable but when you connect the usb cable it will again ask for the passcode also the settings window will hang , I have tried with 3 versions of lollipop & the only affected version device i have noticed is Code name Mako also known as nexus 4 with 5.0.0 the unaffected versions are 5.0.2 & 5.1.1 . By the way your quickheal security app is only working till it has a working sim & a signal in it . remove the sim card & remove the app via ADB pull command your security app is disabled . Hence even with your security app its not full proof . I still feel you need more research on this .
please informed me when any problem persuing on my laptop due to virus
USE JUST APPLE PHONE …. THE IOS SYSTEM AS IT IS BETTER THAN ANDROID
please give some more information
Please click on the link below for more information on this:
thanx for the post really helpful
TQ For quick heal team
Very nice version
It’s nice to uses
Tnx fr the info
It’s to nice for use.
It’s is not use to me this lock