Your Android Lollipop Camera Has a bug That Can Bypass The Lock Screen

Sep 22, 2015

Udi Tirosh

Udi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Sep 22, 2015

Udi Tirosh

Udi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Join the Discussion

Share on:

android-camera

One of the nice features on Android phones is the ability to access the camera without having to go through the annoying process of unlocking the phone. While this feature is very comfortable, it opens a door to all kind of mischief. Especially if you have access to a friend`s phone. You can always take some funny photos that their parents would be surprised to see if they flip through the gallery. This is funny but really quite harmless, researchers from the University of Texas discovered that once the camera is active, it can be used to bypass the home screen lock and access the phone. And that is quite less harmless.

The vulnerability, first reported to Goggle in June involves creating a long string of characters by copy/pasting numbers into the emergency call screen. Then, starting the camera app from the lock screen by swiping left and trying to access the settings page by swiping down. Normally, you can not do that and will be prompted for a password.

If you continue pasting the long string of characters from the emergency call screen, the camera app will eventually crash and expose the home screen (it is sometimes partially exposed, but still provides plenty of access).

Google did release a pack for native android for this bug, but sadly many android users that do not use the native android version will have to wait for the phone manufacturer to issue a firmware fix. With the amount of devices running android, this may take quite some time….

The research page mentions that the phone must have a security set in pin or password form to be able to accomplish this breakin, and that devices which have pattern lock are safe from the issue. So if you are concerned, you can switch to pattern lock until you get a firmware fix.

This movie shows the security issue, I have to admit it quite boring, so you may wanna skip to 8:00 where the action starts.

YouTube video

[Android 5.x Lockscreen Bypass (CVE-2015-3860) via zdnet]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

Udi Tirosh

Udi Tirosh

Udi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *