Android Lollipop, Down with Security Bug Threat that Bypasses Password

By CIOReview | Thursday, October 8, 2015

FREMONT, CA: Android Lollipop carries major security bug flaw where anyone in possession of the phone can unlock its password just by entering a very long password, discover researchers at Texas University in Austin.  With 21 percent of the Android devices vulnerable to this attack, one has to do is to overload the password with long string of symbols while the camera app is running. This will aid the attacker to crash directly into the homepage granting complete access over the device. The attacker does not require any specialized technical knowledge for breaking the password even if encryption has been enabled.

The bug affects only if the user of the device enables password security, the method cannot be applied if the device is secured using pattern or pin configuration. The vulnerability is found only on version of Android 5.0 to 5.1.1 Lollipop. Google immediately released a fix for the security hole for Nexus devices, describing the bug as ‘moderate, severity. But a solution for resolving the bug was only released in the middle of August though it was reported to Google by John Gordon, the Security Analyst, UT’s information security office IN June points out JefCozza in an article for Enterprise Security Today.

In order to fix the bug, the devices need software update but to make this possible, the users have to depend on the manufacturer of the Smartphone and their mobile phone operator to roll out the update, rather than Google directly, states The Guardian.

According to JefCozza in the publication, after the Stagefright security bug issue, Google, Samsung, LG and other Android Smartphone manufacturers has assured a monthly security updates  release for their latest devices in an attempt to avert this kind of attack.