The latest security flaw with Android devices will allow anyone with a grade school education to bypass a password-protected lock screen on any phone. A report published on September 22, 2015, revealed that any device running Lollipop, the latest Android operating system, could be hacked into by simply entering a very long password. This makes all Samsung Galaxy S6, HTC One, LG G4, and other popular Android phone models vulnerable to the exploit.
The vulnerability was documented in a video posted by computer security researcher John Gordon. He showed that entering a large amount of text in the password field on a phone’s lock screen would overload the device and allow access to the home screen.
The hack, while time-consuming, is relatively easy to perform. All hackers have to do is use the phone’s “emergency call” feature and type a little text. After that, they can just start repeatedly copying and pasting the same text.
Once hackers have a long string of characters, they can open up the camera app to force the phone to require a password. Then they paste long text a few times until it crashes the system. After about five minutes, the device will unlock and go straight to the home screen. The total number of characters Gordon used has been estimated at around 163,840.
Google was informed of the flaw in August and made a patch available for it last week. Phones, however, still need to be updated to the newest software version to correct the problem. Google’s line of Nexus devices has been the first to receive the update. It is unknown when the patch will be made available to Samsung, HTC, and other manufacturers’ phones, since Android’s update system is slow.
This vulnerability obviously poses a huge security risk. It allows anyone who picks up a stranger’s phone to have access to all their contacts, logs, text messages, and other things stored on the device that are normally inaccessible. All most consumers can do for now is wait for the manufacturers and cell network carriers to get the fix rolled out.