Trying to hack an Android? Just keep typing random letters

Gigaset Android phones
Andy Boxall/Digital Trends
To the average, untrained, movie-watching layman, the process of hacking into a phone or computer system may just seem like a lot of rapid and random typing, with hopes of accidentally cracking some secret code. Unfortunately, when it comes to the Android Lollipop operating system, that’s actually all it takes to bypass the lockscreen — just keep entering random letters, and eventually, you’ll overload the phone and proudly label yourself a successful cellphone hacker.

“By manipulating a sufficiently large string in the password field when the camera app is active, ” John Gordon of the University of Texas at Austin said, “An attacker is able to destabilize the lockscreen, causing it to crash to the home screen.” Yikes.

This rather alarming vulnerability, recently discovered by researchers at the University of Texas in Austin, is said to affect around 21 percent of phones, but only those running Lollipop, and only those with a text password. Users who employed PINs or pattern locks did not face the same issue (though these sorts of passwords certainly come with issues of their own).

Gordon told Slate that he discovered the vulnerability by complete accident while playing with his phone during a lengthy road trip. “I’m sitting in the passenger seat, bored, with no signal on my phone, so I start poking around and seeing what unexpected behavior I can cause,” he said. “A few idle hours of tapping every conceivable combination of elements on the screen can do wonders for finding bugs.”

Happily, Google has already rolled out a patch for affected devices, including the Nexus 4, 5, 6, 7, 9, and 10. Still, other phone makers will need to distribute the appropriate software to their own devices to ensure a complete fix to the issue.

The problem, while not particularly widespread, certainly seems like a significant cause for concern, as one would hope that today’s phones are sophisticated enough to withstand “attacks” that are little more than a system overload generated by, well, lots of letters. After hacking into the phones, researchers at UT were able to access everything available on them, including data, applications, photos, and more.

Of course, the hackers would need to have physical access to your phone in order to do any damage, and you could avoid the situation altogether by simply implementing a PIN or pattern to protect your phone, but still, this latest revelation doesn’t exactly inspire faith in the software.

That being said, ExtremeTech points out that there really isn’t anything to worry about, and that such vulnerabilities are discovered and subsequently addressed relatively frequently. As Ryan Whitwam writes, “This is how software patches work when handled responsibly — an issue is reported, a patch is issued, and the method is disclosed. There’s nothing unusual about this flaw, and there aren’t millions of phones out there with broken lock screens. Don’t believe the hype.”

Emerging Tech

A.I.-generated text is supercharging fake news. This is how we fight back

A new A.I. tool is reportedly able to spot passages of text written by algorithm. Here's why similar systems might prove essential in a world of fake news created by smart machines.

24 must-have apps for rooted Android phones and tablets

Rooting your Android device opens up a world of possibilities, along with a few apps. Here are 24 of our favorites, so you can make the most of your rooted device and unleash the true power of Android.
Smart Home

The best smart locks to increase your home security in 2019

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.

Google hit with another fine by the EU, this time for $1.7 billion

Google has been fined for the third time by the EU, this time for breaching antitrust laws by requiring third-party websites using its search function to prioritize its ads over competitors.

You can now use the innovative Red Hydrogen One on Google Fi

The Red Hydrogen One was first announced in 2017 and has been delayed a few times since then. Now, the Red Hydrogen One is finally available, featuring a Qualcomm Snapdragon 835, 6GB of RAM, and 128GB of storage.
Social Media

Facebook Messenger adds quoted replies to better organize group chats

Facebook is rolling out a feature that should help make group chats a whole lot more organized. The feature allows you to reply to specific messages within a group chat, so others will be able to tell what you're replying to.

The best Apple AirPods alternatives for Android, Windows, and iOS devices

Apple AirPods might be new and improved, but they aren't the only game in town. Other makers are offering their own truly wireless earbuds, with attractive features. These are the best AirPod alternatives on the market today.

Browse safely and securely with Opera’s unlimited VPN on Android

Opera has added a new VPN to its Android browser, offering an easy way to keep your privacy and data locked up solid, and with no limits on usage or cost, you can keep it on all the time.

Need a quick battery boost? Try one of our favorite portable chargers

Battery life still tops the polls when it comes to smartphone concerns. If it’s bugging you, then maybe it’s time to snag yourself a portable charger. Here are our picks for the best portable chargers.

The Samsung Galaxy S10 5G might be a few short weeks away from launch

Samsung has announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show as it's among the first 5G-ready smartphones to hit the market.

Fossil made a smartwatch in 2004, and it’s part of a new brand retrospective

Fossil has been making watches for 35 years, and to celebrate the anniversary, it has a new retrospective exhibit complete with the first smartwatch it made — the Wrist Net watch from 2004.

Fossil is working on a smartwatch with BMW, and it’s coming next year

Fossil, the watch company that makes smartwatches under its own name and partners with other major brands too, intends to launch a smartwatch with car manufacturer BMW in the future.

Diesel’s denim-inspired smartwatch straps are a casual, colorful must-own

Diesel will release two new versions of the On Full Guard 2.5 smartwatch later this year, with seriously cool, denim-inspired straps in classic Diesel colors. We tried them on at the Baselworld 2019 show.