Android devices may be protected by a lock screen which requires some form of authentication before access to most phone features, its settings and the data stored on it is granted.
Users may protect the phone by password, pin or pattern for example, and there are other means of protection available as well, for instance by using Bluetooth device authentication or unlocking it based on locations you are in.
If you have set a password on your Android device and you are running Android 5.x, your phone is vulnerable to a lockscreen bypass attack.
The attack itself is surprisingly easy to carry out:
This attack works only if a password is used to protect the Android device. It won't work with pattern or pin locks. If you are using a password-based lock currently you may want to switch to pin or pattern-based instead for the meantime to protect your device from this attack.
The following video demonstrates the attack.
The Android developers have fixed the issue already but it takes time before the fix lands on affected devices.
Attackers need to have physical access to the device to carry out the attack. While that is a limitation, it is still recommended to not use password-based locks on Android 5.x devices until the vulnerability has been patched on affected devices.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.