Lock screen flaw found in Android

[ETRJ]

A security flaw in Android that lets people bypass the lock screen on a mobile device has been discovered by researchers at the University of Texas.

They found that trying to unlock the phone or tablet with an abnormally long password caused the lock screen to crash in certain conditions.

The flaw was limited to Android Lollipop, the most recent version of the mobile operating system.

Google issued a patch for its Nexus devices on Wednesday.

About 21% of Android users run affected versions of the operating system.

After crashing the lock screen, the researchers were able to access the phone's data and apps.

The vulnerability could not be exploited if people had chosen a lock pattern or Pin code instead of a password.

While Google is rolling out its fix for Nexus, other phone manufacturers are responsible for distributing the software to their own handsets.

Source: http://www.bbc.co.uk/news/technology-34268050

[OPSJono]

Does anyone actually use a "password" instead of a PIN or Pattern?

 

I'm not a fan of Password, too much of a pain, but I don't like Pattern's either, I find them too easy to break, just by watching someone once, or even just checking the finger grease lines on the screen. - I've always used a PIN. Easiest to enter (for me anyway) and I feel it's secure (enough).

 

p.s. Follow your own post.

 

<snipperino>

[Psykomantis00]

Lol

[decer304]

To be fair, my phone doesnt really have that much stuff on it, so usually pattern is fine. But after i got my S6, i use fingerprint, which is fast and safe. I dont think fingerprint should be affected by this exploit, unless it also impacts the backup passwords

[Ohlyver]

Well, my tablet's lock is long and for reasons

[OPSJono]

Well, my tablet's lock is long and for reasons

 

"Reasons"

 

"Science and Reasons and things"

[OPSJono]

To be fair, my phone doesnt really have that much stuff on it, so usually pattern is fine. But after i got my S6, i use fingerprint, which is fast and safe. I dont think fingerprint should be affected by this exploit, unless it also impacts the backup passwords

 

Yeah, fingerprint is usually a good way to go.

 

As long as it can't be tricked too easily with a piece of thin plastic that is!

 

(I think I remember a video getting past the iPhone 5s finger print sensor with paper or something) - But I could be wrong and the newer version is probably better anyway.

[,,,,,,,,,,,,,,,,,,,,,,,,,,]

Verified not working on One S with CM12.

[patrick3027]

Glad I switched back to CM11 monday

[WolfDeville]

Worked on my Z3. It just crashed but restarted pretty much instantly so I couldn't actually use the phone at all. I think there is a way to interrupt the restart though, I'll keep messing around with it.

 

Edit: Yep, got it to crash and can now fully use the phone. gg

[Tataffe]

I don't see the problem. Just buy a brand new device with the latest version of Android to get the problem fixed ...

[Kurosaki Isshin]

I don't see the problem. Just buy a brand new device with the latest version of Android to get the problem fixed ...

it isn't Apple man, you can just install a new ROM on the Phone..

[thexzenon]

While still a problem, it's not really that huge since people would need to have physical access to the device and also we're not sure how many people use passwords instead of PINs and patterns. Hopefully all devices get patched for this, you never know if anything's safe these days  

[xXChaoticSymphonyXx]

Well, my tablet's lock is long and for reasons

 

 

Ahh ... Porn.

[Kamil]

And there's the flaw of Android: Not the FACT that there's bugs, but the fact that once a bug is discovered it's gonna be months before the fix actually trickles down through the manufacturers and carriers.

Fortunately, I don't use a password so no harm to me.

[lubblig]

Just tested this on an iPhone to see if I could replicate it on iOS (iOS 9 GM seed). After several thousands of letters typed, the entire phone crashed... Though, I guess that's better than having everything about you (in the phone) to be revealed if someone would steal your phone.

[Doobeedoo]

I still can't understand how they can't give an option to disable swipe before pattern and implement dark theme. So lame.

[Nineshadow]

Knock code ftw.

[Ohlyver]

Ahh ... Porn.

Actually not with my tablet...

[jaggysnake57]

one of the biggest issues i have with android. the fact that important updates can take weeks or months to drop....they need to sort that out

[Glenwing]

Please read the thread at the top of this section entitled "READ BEFORE POSTING in this section!" before posting in this section.

Do not just copy-paste your source article here.