Android Password Vulnerability Discovered

September 23, 2015 •

android-password-vulnerability

Last week, a serious vulnerability was discovered in the Lollipop version of Android. It specifically affected phones using an active lock screen password. Someone who wanted access could take a phone and enter a long random string of text with the camera app active. The input would cause the phone to crash, which would expose the home screen without having to enter a correct password. From there, an intruder would have access to everything you have on your device, including text messages, emails, photos and any apps where you do not need to manually enter a password.

Are You at Risk?
A patch was issued right away for Nexus phones. But, the patch may take several weeks to get to other manufacturers and Android service providers. If you have versions between 5.0 and 5.1.1 and do not have a Nexus phone, there is a chance that your phone is vulnerable. About one-fifth of Android phones running Lollipop have the vulnerability. If you aren’t sure whether your phone is affected, contact your service provider. When new versions are issued, be sure to do an update right away.

A Quick Fix
This is a vulnerability that only affects Android phones with an active password. The quickest way to ensure your phone’s security is to switch to a different lock screen. PIN pads or pattern-based lock screens do not have a place to input a password, and so are not vulnerable to this hack.

Video via BGR.com