Report: New hack lets an attacker bypass password-locked Android home screens

BY GreenBot Staff

Published 16 Sep 2015

If no one has been able to convince you to take your device’s security seriously, perhaps this hack will do it.

A video uncovered by Ars Technica shows someone able to use the emergency call access to gain entry to a locked phone, even though it’s protected with a password.

The individual in the video types a large string of characters into the call window copies them to the device’s clipboard. The hacker is then able to open the camera from the locked device, access the options menu, paste several characters into the password prompt. The phone then unlocks. 

The vulnerability was introduced in Android 5.0 was fixed in the Y48M Android 5.1.1 build released to Nexus devices (you can always grab it yourself from the Nexus Factory Images page.) However, the vast majority of Android hsets aren’t of the Nexus variety, which means you’re vulnerable to this hack until your device is updates. Fortunately, the attack only works if you use a password to unlock your device; you can use a N or pattern unlock to protect yourself. If you use a fingerprint unlock, you would need to have a N or pattern as the backup to fully stay secure.

y this matters: It hasn’t been a great year for Android security, as this minor hack comes after the big scare of Stagefright. It demonstrates that device manufacturers all need to step up their game so everyone can enjoy better security not worry about a new hack every week.