
Google issued its first monthly Android security patch for Nexus devices a few days ago, and one of the items in the changelog was quite interesting. Google patched a lock screen bypass vulnerability that was present in Android 5.0 and higher. That's certainly a serious issue, and something that would be a real problem if it was out there unpatched.

Nonetheless, even though the patch has been deployed, many reports are treating this as an apocalyptic security problem for Android. But that's all due to a key misunderstanding of how Android works.

The flaw in question was discovered by University of Texas researchers and relies on the password field on the lock screen. So right off the bat, this vulnerability only applies if you're using a password lock method, because it has a text field. A pattern or PIN lock does not present such a field, even if you enter your code incorrectly multiple times. You need that text field because the hack relies on pasting text into that field to crash the lock screen.

You can see in the video below how the hack works. It's a legitimate lock screen bypass, but it takes a few minutes to execute. Basically, you need to paste long strings of text into the field repeatedly, but only when accessed from the lock screen's camera interface. Eventually, the camera and lock screen will both crash, and the phone dumps you on to the home screen. Whoops. From that point, you have full access to the phone until you lock it again. You can do things like enable USB debugging or authorize a bootloader unlock without any trouble.

Google has patched Nexus devices with build LMY48M and noted that there were no active exploits of this vulnerability in the wild. However, many of the news reports on this issue have pointed out with hyperbolic concern that there are still about one-fifth of Android devices from Samsung, LG, and others running un-patched versions of 5.x. What these hysterical warnings fail to take into account is that none of those phones were vulnerable in the first place.

The flaw relies entirely upon a stock build of Android like you'd find on Nexus devices. All other OEMs have modified lock screens and camera apps. Many also have their own keyboards that don't work with the bug. Just to make sure, I've tested a Samsung Galaxy S6, LG G4, and 2015 Moto K, and none of them seem to be vulnerable. You can't paste into the password field at all. So what does this mean? Virtually every device with this bug has been fixed, and there's no need to panic.

This is how software patches work when handled responsibly — an issue is reported, a patch is issued, and the method is disclosed. There's nothing unusual about this flaw, and there aren't millions of phones out there with broken lock screens. Don't believe the hype.