Android Lollipop failure allows to unlock your phone

Hexamob | Alberto Mulas - 09/18/2015

None of us like to know that our security mechanisms are flawed. So the same happen when we learn that a guy from the University of Texas has discovered how to bypass the password of an Android Lollipop phone.

From what we have seen in the video and what the perpetrator tell us what we are facing is a failure affecting Android Lollipop versions that are on the market to date, except those who have already received the update LMY48M. Unfortunately, few phones have Android family upgrade to that, making it possible to bypass the password lock screen.

Basically, what we see in this video is a user getting fussy lock screen and limited features offered for Android skip the password. Start with the emergency call, saturating the dialer-based copy and paste strings of characters. Once we begin to see how the phone will need to make the cursor appear insists a little more and go directly to the camera. The vulnerability is only present if the user has chosen password or PIN as an option to protect his handset with Android Lollipop potential intruders and makes these intruders relatively easy to exploit this vulnerability.

The camera does not do anything special to get beyond continually focus. So the smartphone is already burdened with the impossible string of numbers and also with the approach. Then the user displays the top menu and tries to access the settings so that the implementation of the open camera, and it is another bonus.

While the phone is not too overwhelmed, again copy and paste the huge string of characters from the previous steps also in the password field will be enough. Once filled all as much as he could, he reopens the camera app and it is done.

Android Lollipop failure allows to unlock your phone