Bypass the Android Lollipop lockscreen by entering a really long password

LG G3 Lollipop 1

A lengthy password is a good thing, right? For some Android users running Lollipop, however, it may be possible to bypass the lockscreen simply by entering a password that is incredibly long. Copy and paste a lengthy string into the password field, and it is possible to crash the lockscreen and gain access to the phone or tablet.

While the vulnerability is worrying, it is not something that can be exploited remotely -- it is necessary to have physical access to the phone. The bug was discovered by security researchers at Texas University and while a patch has been issued for Nexus devices, other handsets remain vulnerable.

John Gordon from the university reveals that it is possible to use the Emergency Call feature that can be accessed from the lockscreen to generate lengthy strings of text that ultimately provide unrestricted access without knowing the correct password. In a blog post he provides full details of how to exploit the vulnerability, which even works on devices that have encryption enabled.

It's not a particularly quick process, nor is it guaranteed to work, but it will be a concern for many Lollipop users. A video has been published showing the exploit in action.

If you are concerned about the vulnerability and have a device for which a patch is yet to be issued, you might want to consider switching to PIN or pattern protection, as these are unaffected.

11 Responses to Bypass the Android Lollipop lockscreen by entering a really long password

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.