Android Lollipop Users Vulnerable to Massive Password Hack Attack

  • 1
    Share

A group of researchers at Texas University in Austin, have discovered a security flaw in mobile phones running the Android Lollipop version.

Android Lollipop Users Vulnerable to ‘Massive Password Hack’ Attack

What is this security flaw?

This flaw allows anyone to bypass the lockscreen of an Android phone by using a massive password, and expose the home screen, thereby giving full access to the phone and its contents.

How does the attack work?
The attack works by opening the camera app first, pulling down the notification drawer from top of the screen, and tapping on the settings icon on the top-right corner. This will prompt the user for the password. Now, the user has to enter a massive password (an extremely long string of words; could be even ************************). This will overwhelm the lockscreen, causing the camera app to crash, exposing the home screen.

Who all are vulnerable to this attack?
Android Lollipop (5.0) users who use PASSWORD to protect their device could be vulnerable to this security bug. PIN or PATTERN locks are not affected. However, it isn’t clear whether all range of Android Lollipop devices are affected with this bug.

Note: Google has already released the security fix for this bug for its line of Nexus devices. As of now, this  fix is yet to be released to other smartphone makers who will then push the update out to their respective customers.

What is the Temporary Fix?
Users can change their lockscreen preference to PIN. They can also switch to PATTERN LOCK, but we do not recommend this, as it’s not a reliable form of security.

To conclude, this attack cannot be performed remotely, and requires physical access to the phone; in which case, a user who has had their phone lost/stolen are at risk. Just so you know, Quick Heal Mobile Security app lets you lock your lost/stolen phone with the help of a simple SMS command. Doing this will ensure that your phone is not misused.

If you think this post is helpful, share it with your friends, family members, and acquaintances. If you wish to receive such alerts and security tips directly to your inbox, then click here to subscribe to our blog.

Source:
https://www.dailymail.co.uk
https://www.theguardian.com

Rajiv Singha

Rajiv Singha

Follow @Singha_Ra

Subscribe
Notify of
guest
31 Comments
Inline Feedbacks
View all comments
prateek choudhary
prateek choudhary
5 years ago

I disagree to that , android has an option of total 8 different along with the newly introduced fingerprint scanner , the only way i can think of getting past the lock screen is if someone resets the software itself without touching the internal SD data . That is easy . But your theory is wrong & i can prove this with my current handset , Also in your Blog you have not mentioned what android lollipop version it has been affected . I guess you need to research this a bit further .

Prateek Choudhary
Prateek Choudhary
5 years ago
Reply to  Rajib Singha

Rajib, If you have noticed the video ,carefully not all functionality is open , even when adb is enable but when you connect the usb cable it will again ask for the passcode also the settings window will hang , I have tried with 3 versions of lollipop & the only affected version device i have noticed is Code name Mako also known as nexus 4 with 5.0.0 the unaffected versions are 5.0.2 & 5.1.1 . By the way your quickheal security app is only working till it has a working sim & a signal in it . remove the… Read more »

suman kumar
suman kumar
5 years ago

please informed me when any problem persuing on my laptop due to virus

PARITOSH SANGHAVI
PARITOSH SANGHAVI
5 years ago

USE JUST APPLE PHONE …. THE IOS SYSTEM AS IT IS BETTER THAN ANDROID

jkmeena
jkmeena
5 years ago

please give some more information

Avishek Mondal
Avishek Mondal
5 years ago

thanx for the post really helpful

Rohit
Rohit
5 years ago

Nice this

ritesh
ritesh
5 years ago

good

G vijaysen varma
G vijaysen varma
5 years ago

TQ For quick heal team

JitENdeR kumar
JitENdeR kumar
5 years ago

Vary gud

aquib shaikh
aquib shaikh
5 years ago

Nice version

aquib 4
aquib 4
5 years ago

Very nice version

prasad pathari
prasad pathari
5 years ago

Thanku Quickheal

Guru Dayal
Guru Dayal
5 years ago

Good

Prajjwalpandey
Prajjwalpandey
5 years ago

It’s nice to uses

Lalit kumar
Lalit kumar
5 years ago

Nice

Harshil
Harshil
5 years ago

Tnx fr the info

Vidya Gaikwad
Vidya Gaikwad
5 years ago

Nice..

surend
surend
5 years ago

Good

Vitthal patil
Vitthal patil
5 years ago

Good

sagar shinde
sagar shinde
5 years ago

Good

sagar shinde
sagar shinde
5 years ago

Nice

Debasis Das
Debasis Das
5 years ago

good

Prajjwalpandey
Prajjwalpandey
5 years ago

It’s to nice for use.

vinay.s
vinay.s
5 years ago

Nice

sanjeev topno
sanjeev topno
5 years ago

very nice

kashishkashishsetg
kashishkashishsetg
5 years ago

It’s is not use to me this lock

Bani
Bani
5 years ago

NYC

santhosh
santhosh
5 years ago

Niceeee

31
0
Would love your thoughts, please comment.x
()
x