Android Lockscreens Bypassed through Random Long Password Vulnerability

Posted on September 16, 2015 by .

Share and Enjoy:
Follow Me on Pinterest More More

Naturally, after the release of a few new Apple devices, all of the hype surrounds everything with an “I” tied to its name. On the other side of the tracks, Android is coming under additional issues as attackers find a method to bypass the latest Android 5.x lock screens using long random passwords.

Android devices are disproportionately affecting my malware and security vulnerabilities when it comes to directly comparing them to Apple iOS devices.

The latest Android vulnerability, currently dubbed as CVE-2015-3860, affects Android versions 5.0.0 to 5.1.0, and can be exploited through an attempt to authenticate a password on the lock screen using several characters while the camera app is open.

Although the vulnerability has raised some questions and alerted many using Android devices, it is limited to access devices through physical access. In other words, the attacker must have the Android device in their hands and could then gain access to bypass the lock screen.

Android has not been the only one to succumb to such a vulnerability. Some time ago Apple iOS devices enabled attackers to bypass the lock screen by using Siri or in another instance by using the quick camera access to view photos. Much like the Android issue, iOS devices were vulnerable to allowing access through similar methods. Lucky for iOS users, a software update was quickly made available after the discovery. For Android, with this current vulnerability issue, it seems Google is a little slow on the uptake to resolve the issue for 5.x users.

The video below is a first-hand demonstration on how an Android device’s lock screen can be bypassed through the use of this vulnerability.

Popularity: 3%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word