To the average, untrained, movie-watching layman, the process of hacking into a phone or computer system may just seem like a lot of rapid and random typing, with hopes of accidentally cracking some secret code. Unfortunately, when it comes to the Android Lollipop operating system, that’s actually all it takes to bypass the lockscreen — just keep entering random letters, and eventually, you’ll overload the phone and proudly label yourself a successful cellphone hacker.
“By manipulating a sufficiently large string in the password field when the camera app is active, ” John Gordon of the University of Texas at Austin said, “An attacker is able to destabilize the lockscreen, causing it to crash to the home screen.” Yikes.
This rather alarming vulnerability, recently discovered by researchers at the University of Texas in Austin, is said to affect around 21 percent of phones, but only those running Lollipop, and only those with a text password. Users who employed PINs or pattern locks did not face the same issue (though these sorts of passwords certainly come with issues of their own).
Gordon told Slate that he discovered the vulnerability by complete accident while playing with his phone during a lengthy road trip. “I’m sitting in the passenger seat, bored, with no signal on my phone, so I start poking around and seeing what unexpected behavior I can cause,” he said. “A few idle hours of tapping every conceivable combination of elements on the screen can do wonders for finding bugs.”
Happily, Google has already rolled out a patch for affected devices, including the Nexus 4, 5, 6, 7, 9, and 10. Still, other phone makers will need to distribute the appropriate software to their own devices to ensure a complete fix to the issue.
The problem, while not particularly widespread, certainly seems like a significant cause for concern, as one would hope that today’s phones are sophisticated enough to withstand “attacks” that are little more than a system overload generated by, well, lots of letters. After hacking into the phones, researchers at UT were able to access everything available on them, including data, applications, photos, and more.
Of course, the hackers would need to have physical access to your phone in order to do any damage, and you could avoid the situation altogether by simply implementing a PIN or pattern to protect your phone, but still, this latest revelation doesn’t exactly inspire faith in the software.
That being said, ExtremeTech points out that there really isn’t anything to worry about, and that such vulnerabilities are discovered and subsequently addressed relatively frequently. As Ryan Whitwam writes, “This is how software patches work when handled responsibly — an issue is reported, a patch is issued, and the method is disclosed. There’s nothing unusual about this flaw, and there aren’t millions of phones out there with broken lock screens. Don’t believe the hype.”
