A security researcher has discovered an alarming security flaw within Android Lollipop that enables anyone to bypass the password lockscreen.
John Gordon, an analyst at the University of Texas’ information security office, found that inputting a large enough string of characters into the password entry screen while the camera app was active destabilised the lockscreen, causing it to crash and return to the homescreen.
The vulnerability is only present if the user has chosen a password, as opposed to a PIN or pattern lockscreen, and an attacker must first gain physical access to the smartphone. Once that is achieved, however, exploiting the vulnerability is relatively straightforward.
“Type a few characters [in the emergency call screen], e.g. 10 asterisks,” Mr Gordon writes when explaining the process. “Double-tap the characters to highlight them and tap the copy button. Then tap once in the field and tap paste, doubling the characters in the field. Repeat this process of highlight all, copy, and paste until the field is so long that double-tapping no longer highlights the field. This usually occurs after 11 or so repetitions.”
It is then simply a case of opening the camera app by swiping left and then tapping the settings icon in order for the password prompt to appear. By continually pasting the long character chain into the password box, users should eventually cause the smartphone to malfunction and be greeted by the homescreen.
Mr Gordon has informed Google of the vulnerability and received $500 as part of its Android Rewards programme. A patch resolving the “moderate” level security flaw was issued last week, but such updates can often take a long time to be adopted by the majority of smartphone users.