Bug in the lock-screen Android 5.0 Lollipop discovered and corrected by Google

News
212

Through a vulnerability on Android 5.0 Lollipop any malicious user could have access to the Home screen of a device. The bug, now public, has been corrected recently by Google.

Vulnerability on Android 5.0 Lollipop allow an attacker to bypass any protection on the unlock screen in a rather simple. It is enough for simply enter a password with a few tens of thousands of characters, 160000 if experienced, to cause an application crash and give everyone access to the sensitive data on your smartphone.

John Gordon explained in detail the vulnerability, the discovery of which dates back to June 25, and that has been corrected by Google on 9 September after having marked a moderate priority. The bug was then made public on September 14, just after the release of Android 5.1.1 build LMY48M. Many sources have pointed out that many users may still be undiscovered because of the delay in the manufacturers update their devices. Which it is true, but only partially and for a few isolated cases.

To cause unexpected crashes, Gordon has just performed an emergency call, inputting a sequence of several characters. To speed up the procedure has copied and pasted the sequence several times, until you get to about 160,000 characters. The threshold is reached, he copied the whole string, open the camera application, and when prompted for a password security, glued as the clipboard smartphone. In a few minutes, the device has rebooted independently, leaving the user-free access to the Home screen.

Because the procedure is successful, the device must use the method of unlocking password, so no PIN or pattern. Only in Nexus devices (or ROMs derived from stock and little changed) you can paste the content into the text field of the password, making it impossible to enter a greater number of characters than to those who are actually supported. Galaxy S6, Moto G 2015 and LG G4 seem inviolable from this point of view, with the vulnerability that was present on the Nexus, but that was promptly corrected before becoming public.

There are so vulnerable million Android devices in circulation as written by several sources, nor that we are facing a crisis in terms of safety for the green robot. Simply it was found a vulnerability, and it was only made public once the threat has passed.

Wisely 4450 posts 0 comments

This site was created by a group of passionate technology, with the purpose of collecting news, and review all the technological products at the moment.

You might also like More from author

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More