Smartphones running android Lollipop may be unfastened by entering a really long password inflicting the lock screen to crash.
The vulnerability, discovered by researchers at Texas University in Austin, probably affects 21% of android devices in use and needs the offender to easily overload the lockscreen with text.
The bug affects solely those users with smartphones running Google’s android Lollipop employing a password to safeguard their devices. Pin or pattern unlock don’t seem to be affected.
The offender got to enter enough text into the password field to overwhelm the lockscreen and cause it to crash, revealing the homescreen and giving full access to the device, whether encrypted or not.
“By manipulating a sufficiently giant string within the password field once the camera app is active an offender is ready to destabilise the lockscreen, inflicting it to crash to the home screen,”John Gordon from American state university said.
Google released a fix for the safety hole on Wednesday for its line of Nexus devices, describing the bug as of “moderate” severity, however that it had been not actively being exploited by attackers, in keeping with the company’s data.
The researchers demonstrated the attack on a Google Nexus 4, and required the offender to use the emergency call function to repeat many characters to the writing board.
About 2 hundredth of the billion android devices across the globe run Google’s latest version referred to as Lollipop, as well as new devices from Samsung, LG and Sony.
These devices would force a package update to repair the bug, however users will have to place confidence in the manufacturer of the smartphone and their itinerant operator to roll out the update, instead of Google directly.
The attack needs physical access to the smartphone, and can’t be performed remotely. Users upset by the attack will modify their lockscreen preferences to a pattern unlock or Pin code, which might be up to sixteen characters long, rather than a password.
After the fearful security vulnerability , Google, Samsung, LG and other android smartphone makers recently pledged to unleash monthly security updates for his or her latest devices, in an endeavor to assist forestall this sort of attack getting used.