Researchers discover they can crack Android devices just by typing nonsense into password field
A worrying bug has been found that can lock Android smartphone users out of their device simply by entering long passwords.
Researchers at the University of Texas discovered that typing in a ‘sufficiently large’ long password to try and unlock Android devices caused the lock screen to crash in certain conditions, allowing access to the device.
Google has now released a patch for Nexus devices, which was found to affect devices running all but the latest version of Android Lollipop, however other manufacturers will need to take the responsibility for rolling out the update themselves.
The researchers found that the lock screen vulnerability could not be exploited if the user had set up a PIN code or lock pattern instead of a password.
After entering a lengthy password (pictured left) and crashing the lock screen, the researchers were able to access the phone’s data and apps, overcoming even encrypted file systems – meaning they could also install malicious apps.
“By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen,” the researchers said.
The flaw is the second in a fortnight to affect the lock screen of Android devices.
Last week, security researchers at ESET discovered a new form of ransomware that locks out users by burrowing into a phone’s software. The Lockerpin malware alters a phone’s PIN lock function, stopping users from accessing their device unless they pay a ransom of $S500 ransom for allegedly viewing and harbouring forbidden pornographic material.
Are you a security pro? Try our quiz!