(Newswire.net — September 18, 2015) — If you believe your latest Android phone is safe because it is password protected, don’t be surprised when you find out that someone messed up your contact list.
Apparently, after typing a certain amount of characters, the Lollipop just pops-open to your phone’s home page and serves your data on a silver platter – well, almost.
In a report CNN Money published on Tuesday, computer security researcher John Gordon documented the vulnerability and posted a video of the hack. Reportedly, it only affects the Lollipop OS, used on the latest Android phone models.
According to the video, when you encounter a locked Lollipop Android OS phone, you just need to type a sequence then copy-paste it over and over until you get a sequence that’s approximately 40,960 characters long. Allegedly, this is sufficient enough to unlock the display for an emergency call.
You then open the phone’s camera app and prompt the phone to request a password. Paste the super long character string a few times until the system crashes. Wait about five minutes, and the phone will go straight to the unlocked home screen.
It is unlikely that a toddler could accidentally unlock your phone, but if you let the toddler type characters long enough, it will eventually bypass the lock screen. However, in hands of one who knows what he’s doing, your password protected latest generation Android phone becomes an open book with all your pictures, videos and other private data compromised.
Now, the question is how many characters are needed to confuse a Lollipop? Based on Gordon’s video, it looks like 163,840 total characters should do the work.
Reportedly, Gordon warned Google (GOOGL, Tech30) about the vulnerability back in August, and the company released a patch for the flaw last week.
The patch is already available for Google’s own line of phones — the various Nexus models, however, Samsung, LG and some others, are still behind and it’s not known when they’ll provide a patch for their models.