According to one of their recent discoveries, there’s a bug that affects 21 percent of Android devices in use and it basically allows anyone to unlock your password-protected device by bypassing the lock screen with an extremely lengthy password. In August, it committed a patch to resolve the issue and on September 9th, announced that the 5.1.1 build LMY48M had fixed the issue. After inserting the long string into the window, the hacker then open the camera from the locked device and swipes down for more options menu and pastes the characters in the resulting password prompt. Copy and paste a lengthy string into the password field, and it is possible to crash the lockscreen and gain access to the phone or tablet.
You can see the step by step guide over on the University of Texas security blog, and check out the proof of concept video below. Just replace your password with a PIN, pattern lock, or fingerprint unlock, and you should be fine. The same build number handled the Stagefright vulnerability in Android devices.
After the attack the hacker then has full access to your apps, settings and any data stored on the device.
The lock screen on your phone might not be foolproof as you thought. But 2015 has been a hard year for Android as the operating system has made a number of headlines because of security flaws and exploits. The hacker now has complete access to the phone and its contents, to the same degree as the rightful owner.
There’s an easy way to bypass the lockscreen in devices running Android 5.0 Lollipop – at least, those which have not yet received the latest security update. Although because Android updates to other phones have to filter down through wireless carriers and phone-makers, the fix could take a while to get to non-Nexus owners. That overloads the computer, which redirects you to the phone’s home screen.
Google patched the flaw here. All other OEMs have modified lock screens and camera apps.