Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Lollipop Can Be Hacked With Very Long Password

Posted by timothy on from the ipso-facto-presto dept.

Complex passwords are the way to beat some attacks, but for phones running the latest version of Android, that's not necessarily so: puddingebola writes with an excerpt from an article at CNN: Locked phones require a passcode. But there's a way to get around that. Just type in an insanely long password. That overloads the computer, which redirects you to the phone's home screen. It's a time-consuming hack, but it's actually easy to pull off. In a report published Tuesday, computer security researcher John Gordon documented the vulnerability and posted a video of the hack. It only affects smartphones using the latest version of the Android operating system, Lollipop.

6 of 170 comments (clear)

  1. Hardware Access by Barny · · Score: 2, Insightful

    Yeah, if you have hardware access to a device you own it. Nothing new to see.

    --
    ...
    /me sighs
    1. Re: Hardware Access by macs4all · · Score: 1, Insightful

      Or I could go to radio shack and buy a small actuator to do it for me.

      Really? You have a working Time Machine? Because that's the ONLY way you're going to buy any electronic components at a store called "Radio Shack".

  2. Breaking security by circletimessquare · · Score: 1, Insightful

    is nothing but a matter of time and effort. Nothing is secure. Anyone who touts how secure their software product is is in for a fall.

    Software security will be a game of whack-a-mole forever.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  3. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  4. Re:pin code not vulnerable by freeze128 · · Score: 1, Insightful

    When I set up and unlock swipe pattern on my phone, I wanted to make sure it was not something simple that someone would guess. I was dismayed that:

    You can't swipe to a non-adjacent point
    and
    If you double-back on your swipe path, you don't need to enter that double-back part of the path when unlocking.

    I think using a swipe pattern is even LESS secure than using a pin with the same number of digits as swipe points.

  5. Re:And it has been fixed by ITRambo · · Score: 5, Insightful

    I'm pretty sure that most users will not get the patch for a very long time, if ever, due to carriers not caring one bit about updating in a timely manner.