Researchers from University of Texas has found a security flaw in the lock screen feature of Android 5.x. According to John Gordon, a network security analyst at the University of Texas, the issue exists in the password field - unable to handle a sufficiently long string while the camera app is active, allowing an attacker to crash the lock screen. From the locked screen, one can easily bypass the security. The potential attacker can open the emergency call window, fill it with characters, then copy those into the password field via the settings option on the locked screen until the user interface crashes. By using USB debugging normally allows access to vulnerable device to execute arbitrary command or gain access to files with full rights. Google was notified about the issue earlier this year and responded swiftly to release a security patch in June to rectify this issue. Google urge users to apply updates on earliest basis. <more>
Wednesday, September 23, 2015
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment