Android 5.0 “Lollipop,” the latest version of the Android phone operating system, is vulnerable to a simple hack that involves typing in a password so long that it causes the phone to crash before then booting to the unlocked home screen.
The vulnerability, discovered by John Gordon, is easy to exploit: simply open the phone’s “Emergency Call” feature, type a few characters and the repeatedly copy-and-paste them. The pasted text becomes longer and longer — Gordon’s reaches over 160,000 characters — and, as such, harder for the phone to handle.
Next, open the camera app which causes the phone to ask for a password into which the 160,000 character string is pasted. After a few minutes the phone restarts, booting straight to the unlocked home screen.
This hack is the latest in a long line of vulnerabilities that appear in major operating systems, including a text message hack that affected Android which was discovered in July and a malware hack that affects iOS discovered in September.