Wednesday, September 16, 2015

Android 5.x flaw lets anyone bypass a password protected lockscreen


If you're one of those people who care so much about your privacy that you selected password protection on your Android smartphone over the simpler PIN or gesture methods, you may want to reconsider: the password protection is flawed and allows anyone to bypass it.

It's actually sad to see something designed to make things harder for anyone wanting to access your smartphone end up doing the exact opposite. But that's what's happening with password-protected Android 5.x devices.

To bypass a password protected lockscreen you need only:

  1. Open the Emergency Call screen on the phone.
  2. You need to enter a long number there with lots of characters. The researchers suggest starting with 10 asterisks and then doubling these characters over and over, using copy and paste, until this is no longer possible (the field is not highlighted anymore) - you should end up with a "copied" ultra-long sequence in your clipboard.
  3. Go back to the homescreen and open the camera application on the device.
  4. Swipe down to display the notifications drawer and tap on settings. This opens a password prompt automatically.
  5. Paste the same characters that you used in the Emergency Dialer into the password field. Repeat this process until the UI crashes (the buttons at the bottom of the screen disappear and the camera is displayed fullscreen).
  6. The camera will crash eventually as well and the homescreen is displayed. The phone is unlocked and you have full access to all apps and data on it.


After so many years and so many Android versions, I can't really say how I feel about these kinds of "basic" bugs. It's well known that buffer overflows are one of the nastiest vulnerabilities, and it's surprising to see Android still allowing unvalidated fields wherever it may be.

And then there's the other issue: though Google will surely patch things up quickly, what about the hundreds of thousands of devices out there that may never get an update? It will leave all those using a password lockscreen vulnerable to attack.
