broken android by Paul King and MS. PaintIf you’ve got Android 5.0 through 5.1.1, password unlock, and a toddler chances are you may have discovered this vulnerability already in the way that Android deals with, or fails to deal with, extremely long password input. It should be noted that this hack doesn’t work on all Android 5.x devices as various manufacturers do tend to do things differently.

The quick and easy way to replicate the hack is to lock your phone, go into the emergency call window, input a large number of characters and copy them to the clipboard, go back to the camera, go to the options menu, and paste an obscenely large amount of data into the password field.

You can see the proof of concept attack on a Nexus 4 factory image of Android 5.1.1 (build LMY48I) by starting the video, or clicking through to the proof of concept page here

It’s a fairly long video, but it shows with about eight minutes of access time you can bypass password security on affected phones.

The issue does not affect pattern or PIN unlock, just password.

Nexus devices have patches flowing, several manufactures do not have this vulnerability based on YouTube commentary, I haven’t had a chance to test it on my device nor do I know if you have to have access to the copy/paste functions or if you can just keep typing away.

[Ars Technica]