Android Lollipop, Down with Security Bug Threat that Bypasses Password
FREMONT, CA: Android Lollipop carries major security bug flaw where anyone in possession of the phone can unlock its password just by entering a very long password, discover researchers at Texas University in Austin. With 21 percent of the Android devices vulnerable to this attack, one has to do is to overload the password with long string of symbols while the camera app is running. This will aid the attacker to crash directly into the homepage granting complete access over the device. The attacker does not require any specialized technical knowledge for breaking the password even if encryption has been enabled.
The bug affects only if the user of the device enables password security, the method cannot be applied if the device is secured using pattern or pin configuration. The vulnerability is found only on version of Android 5.0 to 5.1.1 Lollipop. Google immediately released a fix for the security hole for Nexus devices, describing the bug as ‘moderate, severity. But a solution for resolving the bug was only released in the middle of August though it was reported to Google by John Gordon, the Security Analyst, UT’s information security office IN June points out JefCozza in an article for Enterprise Security Today.
In order to fix the bug, the devices need software update but to make this possible, the users have to depend on the manufacturer of the Smartphone and their mobile phone operator to roll out the update, rather than Google directly, states The Guardian.
According to JefCozza in the publication, after the Stagefright security bug issue, Google, Samsung, LG and other Android Smartphone manufacturers has assured a monthly security updates release for their latest devices in an attempt to avert this kind of attack.
By James Seevers, CIO & GM, Toyoda Gosei
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Bruce. D. Smith, SVP & CIO, Information Systems, Advocate...
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Bernd Schlotter, President of Services, Unify
By Patrick Hale, CIO, VITAS Healthcare
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Bill Dow, SVP and General Manager of Business Solutions,...
By Jim Whitehurst, CEO, Red Hat
By Darren Cockrel, CIO, Coyote Logistics, a UPS Company...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By David Tamayo, CIO, DCS Corporation
By Neil Hampshire, CIO, ModusLink Global Solutions, Inc....