AndroidGood and EVO

Android 5-5.1.1 password lock screen bug nullifies (some) security

broken android by Paul King and MS. PaintIf you’ve got Android 5.0 through 5.1.1, password unlock, and a toddler chances are you may have discovered this vulnerability already in the way that Android deals with, or fails to deal with, extremely long password input. It should be noted that this hack doesn’t work on all Android 5.x devices as various manufacturers do tend to do things differently.

The quick and easy way to replicate the hack is to lock your phone, go into the emergency call window, input a large number of characters and copy them to the clipboard, go back to the camera, go to the options menu, and paste an obscenely large amount of data into the password field.

You can see the proof of concept attack on a Nexus 4 factory image of Android 5.1.1 (build LMY48I) by starting the video, or clicking through to the proof of concept page here

It’s a fairly long video, but it shows with about eight minutes of access time you can bypass password security on affected phones.

The issue does not affect pattern or PIN unlock, just password.

Nexus devices have patches flowing, several manufactures do not have this vulnerability based on YouTube commentary, I haven’t had a chance to test it on my device nor do I know if you have to have access to the copy/paste functions or if you can just keep typing away.

[Ars Technica]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King