SCF Advanced Search



Members
Stats
  • Total Posts: 31628
  • Total Topics: 9514
  • Online Today: 1330
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Android 5 lock-screens password protection is Hacked !?  (Read 951 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7457
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Android 5 lock-screens password protection is Hacked !?
« on: 19. September 2015., 08:23:48 »


If you've got an Android 5 smartphone with anything but the very latest version of Lollipop on it: http://www.theregister.co.uk/2015/09/12/roundup_android_fireeye_impero/ , it's best to use a PIN or pattern to secure your lock-screen – because there's a trivial bypass for its password protection.

The vulnerability, details of which were published here by University of Texas researchers on Tuesday: http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/ , allows miscreants to sidestep lock-screens on Android 5 devices, unless they've been fully patched to version 5.1.1 including last week's security updates.

"By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen," the researchers write.

Yes, by typing in too many characters, you can kill off the security mechanism and gain full access to the device, even if its filesystem is encrypted – miscreants can exploit this to run any application, or enable adb developer access to the device: http://developer.android.com/tools/help/adb.html

The attack only works if the gadget has a lock-screen password set, the researchers note: the attack doesn't work against pattern or PIN setups.

Google patched the flaw here: https://code.google.com/p/android/issues/detail?id=178139
Nexus users who install the patch themselves can protect themselves – everyone else will have to wait for their network carrier to emit the updates over the air. T-Mobile US, for one, has already started doing this.

You can watch the bug being exploited in the video here: https://www.youtube.com/watch?v=J-pFCXEqB7A#t=23

(ElReg)

Samker's Computer Forum - SCforum.info

Android 5 lock-screens password protection is Hacked !?
« on: 19. September 2015., 08:23:48 »
Sponsored Links:




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising