A critical bug allows hackers to gain access to Android smartphones/tablets lockscreen with a simple hack. Security researchers from University of Texas, Austin have discovered a critical flaw in Android smartphones and tablets which lets hackers gain complete access to a Android smartphone by just inputting a special characters in the lockscreen window. According to the researchers this Android smartphone hack affects all devices running versions of Android 5.x which means that a millions of Android smartphones in circulation worldwide are susceptible. The hacking technique is very simple and can be exploited even by a noob. It is done by adding a large number of characters in the emergency call window and then copying it on the Android clipboard. After inserting the long string into the window, the hacker then swipes open the camera from the locked device and swipes down for more options menu and pastes the characters in the resulting password prompt. Normally a Android smartphone owner would get an error message, but in this case, due to the vulnerability, the phone simply unlocks giving access to the hacker to do almost anything.
For the hack to work, the hacker should have the following :
Attacker must have physical access to the device User must have a password set (pattern / pin configurations do not appear to be exploitable)
The process of attack :
Proof-of-Concept video :
The PoC video is given below :
For the hack to work, the hacker should have the following :The process of attack :Proof-of-Concept video :Affected Android smartphones :Mitigation techniques :
Affected Android smartphones :
The researchers stated that they have informed the Android security team about the vulnerability and Android released 5.1.1 build LMY48M containing fix for this vulnerability. However the patch has percolated only to the owners of Nexus 4, 5, 6, 7, 9, and 10. As with every Android smartphone vulnerability, the sheer number of versions in the market make it impossible for Google to patch every smartphone running on Android operating system. Also many smartphone manufacturers are lazy in passing the patches to the end customers effectively rendering such smartphones vulnerable to this attack.
Mitigation techniques :
Those smartphones which haven’t received the update yet could immediately switch to a PIN or pattern-based lockscreen to avoid potential hack and loss of personal data.