Android hack: Phones can be unlocked by overloading screen with huge password

A bug has been found which allows anyone in possession of an Android smartphone running Lollipop to unlock the device by bypassing the lockscreen with a very long password.

The vulnerability, discovered by researchers at Texas University in Austin, potentially affects 21 per cent of Android devices in use and requires the attacker to simply overload the lockscreen with text.

The bug affects only those users with smartphones running Google’s Android Lollipop using a password to protect their devices - Pin or pattern unlock are not affected.

The attacker need only enter enough text into the password field to overwhelm the lockscreen and cause it to crash, revealing the homescreen and giving full access to the device, whether encrypted or not.

John Gordon from Texas university said : “By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen.”

Google released a fix for the security hole on Wednesday for its line of Nexus devices, describing the bug as of “moderate” severity, but that it was not actively being exploited by attackers according to the company’s knowledge.