Last week, CNN Money reported on a video showing a rather easy Android exploitation that bypasses the device’s lock mechanism. The video (below) was posted on YouTube, and a full write-up of the hack is available from the University of Texas at Austin.
The video demonstrates that by repeatedly entering characters, making the password longer and longer, a hacker can overload the devices computer and gain access to the unlocked homepage. In the video, characters are copied from the emergency call dial pad and repeatedly pasted into the password box — CNN noted that this method allows the character size to quickly grow to upwards of 40,960.
An encouraging thing to note from the comment section of the video is that the hack doesn’t appear to work across all Android devices–– a good sign indeed, as the issue may be contained to a few errors, or an old error that has been corrected in more recent models. Either way, it’s definitely worth ten minutes of your time to see if your Android device can be so easily — and critically — compromised.
It’s not uncommon for Internet users to have a degree of naivety when it comes to the exact robustness of our computers or connected devices: between our reliance on these devices, and the privacy we’ve been assured of by their manufacturers, it’s hard not to fall into the trap of naivety. In situations like this recent Android hack, we are jerked back into the reality that we cannot blindly trust that our devices are perfectly secure. Even though we exist in an unparalleled technological moment, it doesn’t mean our technology is perfect, and the assumption that it is allows us to be lulled into a false sense of security that leaves our devices and data as prey for hackers.
About Ryan Jeethan
Ryan is a recent graduate of the University of Waterloo’s Arts & Business program focusing on UW’s unique Speech Communication program.