Google Addresses Android Lockscreen Issue

Earlier this month Google released a security update to address 8 CVEs (2x critical severity, 4x high, 1x moderate, 1x low) within the Android smartphone operating system.

Among these issues was an Android lockscreen bypass. This issue involved entering a very large number of characters into the password prompt of the Android lockscreen when the Camera app is also open.

How Severe Is This Issue?
Google assigned it a moderate severity since it is an easy but tedious process to exploit this bug. In addition, this issue is only present if you are using a password to protect the lockscreen of your Android smartphone. More common methods of entering a PIN or using a pattern lock do not appear to be affected by this issue.

Moreover, once the bug is exploited, the attacker only has access to the apps on the home screen; they don't obtain access to the soft buttons or the keyboard. The security researcher who reported this issue to Google used Android Debug Bridge (adb) to access any data on the phone once it was in this partially unlocked state. Further discussion of this issue is provided in this Sophos blog post.

How Can I Protect Myself From This Issue?
Google released an over-the-air security update for its Nexus devices to fix this lockscreen issue (as well as other security issues). Please ensure that your Android device is running version 5.x (build LMY48M or later) to resolve this and the other security issues.

If your mobile carrier has not yet issued this update to your Android phone, please consider contacting them to check when this update will be issued to you and, if possible, find out how they plan to update your phone each month as Google makes updates available.

Thank you.
