University of Texas researcher discovers vulnerability in Android Lollipop lock screen




A researcher from the University of Texas at Austin has discovered a method to circumvent an Android lock screen that is protected with a password. The exploit uses a weakness in the camera app and is present in Android 5.0 and later.

The Android versions that the researcher reports as vulnerable are Android 5.0 up to Android 5.1.1 build LMY48M. In that build Google has fixed the problem. The researcher demonstrates the bypass on a Nexus 4 running Android 5.1.1 build LMY48I. It makes no difference to the bypass whether encryption is on or not. It is not clear whether the vulnerability also occurs in the ROMs of other manufacturers. According to figures from Google, 22% of Android devices run version 5.0 or newer. 5.1% run version 5.1, but it is unclear on how many of that 5.1% the vulnerability has already been fixed. On 9 September, Google released Android 5.1.1 build LMY48M. Android M, the sixth version, does not appear to be vulnerable.

The bypass only works if a lock screen password is set on the smartphone and if an attacker has physical access to the device. The researcher goes from the lock screen to the emergency call screen, enters a number of asterisks, copies them to the clipboard, pastes them after the existing asterisks and repeats the process until the field is completely filled with characters. Another character may also be used. After about 11 repetitions the field is full.

Then he goes back to the lock screen and opens the camera. From there, he opens the notification drawer and presses the gear icon to navigate to the settings. Here he is prompted for the password. If an attacker keeps pasting the characters from the clipboard into the password field here, the camera app in the background should eventually crash. When that happens, the user is taken to the home screen and, after opening the app drawer, can get into the settings. He is then free to, for example, turn on USB debugging and so take all of the owner's data and files, or install a malicious app.

