AH 2015 Android LOGO-107

Bug Leaves Android 5.x Vulnerable To Password Lock Screen Hack

September 16, 2015 - Written By Matthias Tan

If you have a smartphone which is running Android 5.0 (Lollipop) and is using a lock screen as security, you better take note. A software bug in the system has been exploited by a few hackers to cause your device to crash by inputting a very long stream of characters in the password field. If encryption is enabled, it does nothing to stop the hackers. The huge amount of characters causes the lock screen of your device to crash and this enables hackers to obtain complete control over your device to steal your data. These type of hacks are common occurrences between Android and IOS devices, but they make us constantly worry over our privacy and security.

A video posted on Youtube revealed the procedure. You can watch it here. The technique is simple, add a substantial amount of characters into the emergency call window and copy the characters into the Android clipboard. There are also other places to input your characters besides the emergency call screen. Next, swipe open the camera of the device and access the options menu. Paste your characters which you had copied into the password prompt that will pop out. Keep pasting your copied characters into the password prompt for at least 7 times, tap to confirm and wait for 10 minutes. The camera will be active while you are waiting for the lock screen to crash. Within 10 minutes, the lock screen will crash and you will have complete access to the device.

The developers at Google has released the ‘LMY48M’ Android 5.1.1 build update for the Nexus 4,5,6,7, 8,9 and 10 to counter this bug, but as of now, the update is still unavailable for Nexus users. Unfortunately, most updates can take months to be developed or released before it is available to the users of almost every type of smartphones with Android 5.0.While the updates are not coming just yet, we can still do something about this. Hackers must have physical access to your device in order to exploit the bug and the device must have a password.  The best thing that we can do for now is to switch to a PIN or a pattern-based lock screen. These types of security methods are not affected by the bug and hackers will have to find other ways to open your device. Just keep calm and change your method of security.