Hacking an Android phone can be as simple as typing in a really long password

Advertisement

Advertisement
android robot mascot

Flickr/Rob Bulmahn

Google's Android mascot.

Android 5.0 "Lollipop," the latest version of the Android phone operating system, is vulnerable to a simple hack that involves typing in a password so long that it causes the phone to crash before then booting to the unlocked home screen. 

The vulnerability, discovered by John Gordon, is easy to exploit: simply open the phone's "Emergency Call" feature, type a few characters and the repeatedly copy-and-paste them. The pasted text becomes longer and longer - Gordon's reaches over 160,000 characters - and, as such, harder for the phone to handle.

Next, open the camera app which causes the phone to ask for a password into which the 160,000 character string is pasted. After a few minutes the phone restarts, booting straight to the unlocked home screen. 

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Gordon told CNN Money that he informed Google in August and the company has released a patch, but many users could remain affected due to the lag in Android software updates

Advertisement

This hack is the latest in a long line of vulnerabilities that appear in major operating systems, including a text message hack that affected Android which was discovered in July and a malware hack that affects iOS discovered in September.