A vulnerability has been discovered in certain Android operating systems, which would allow an attacker to bypass the lock screen and gain full access to a locked device. The vulnerability was discovered by the University of Texas and reported to the Android security team back in June with an update appearing this month which fixes the problem. Versions of Android affected include v 5.0 through v 5.1.1 “LMY48M”.
The attack relies on the attacker having physical access to the device and the user having a password set. The attack itself involves entering a large string of characters into the password field, while the camera app is active. By doing this the attacker is able to crash the lock screen and gain access to the home screen. At this point the device is unlocked and the attacker has full access to device, even with encryption enabled.
You can see the step by step guide over on the University of Texas security blog, and check out the proof of concept video below.
For those who are yet to receive the fix, the workaround is to use a pin or pattern based lock, which are not susceptible to this attack.
As we have seen over the years, lock screen bypasses are nothing new to the mobile space, with iOS suffering from a few attacks.