A new Android lockscreen bug has been discovered that lets hackers take full control of the device. The bug exists in Android devices running any version of Android Lollipop with a password lock and is quite easy to exploit. Before we explain how the bug works though, it is important to know that Google has released a patch to fix this already.
There is in fact a YouTube video demonstrating how to exploit the bug. The video shows that one simply needs to buffer a really long password string. You can use the Emergency Dialer for achieving the same. Once done, open the camera app from the lockscreen and perform any action, like tapping on the Settings icon from the notification tray, so that the device asks you to enter the password. Now paste the buffered string in the password field and tap Done to confirm. It will make the camera app crash and the home screen will be accessible. The time taken by the camera app to crash will vary from device to device.
Google released a fix for the bug last week with update for Android 5.1.1, build number LMY48M. It is available for Nexus 4, 5, 6, 7, 9, and 10. OEMs though will have to update their devices themselves. It is reported that the bug is present only on the password protected lockscreens at the moment.
Bugs and other vulnerabilities have often been found on Android devices. According to reports, one can exploit the data from motion sensors of a smartwatch to predict what the user has been typing on the keyboard. There are also reports that hackers can hack fingerprint sensors on Android devices.