Lock screen flaw found in Android devices

One of the most basic security steps for mobile devices turns out not to be secure after all. 

A flaw was discovered in the lock screen on Android mobile devices. Notably, the flaw affected the most recent version of Android, Lollipop.

If a password was chosen as the lock screen security method, attackers could enter an abnormally long string of characters, causing the screen to crash. That would allow unfettered access to the phone itself.

Android users who chose lock patterns or PINs weren’t affected. Google has since released a security patch for the problem.

2 security measures useless

Two very important steps for mobile and BYOD security wouldn’t protect users in this instance: always staying on the most recent version of operating systems and making sure the device is protected by a password.

That’s a relatively small group of users, however: Android lags behind iOS in adoption rates. Right now, only about a fifth of users (21%) are on most recent Android version.

And since Android users are notoriously slow to update their phones, it could be quite a while before the security update is installed – especially since Android relies on phone carriers to push those updates out.

1 important lesson

One thing that doesn’t change, however, is a rule that can’t be overstated: If a device is in an attacker’s hands, it’s probably as good as compromised anyway.

That’s why it’s important to protect devices with remote wipe and find my phone features. Otherwise, a simple passcode isn’t likely to deter attackers.

Make it a part of your BYOD policies that these features be required in exchange for BYOD privileges.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy