Google can remotely bypass the passcode of 74% of all Android devices

20:30 | 24.11.2015

Older versions of Android can be remotely reset by Google if the company is issued with a court order.

This is according to a document prepared by the New York District Attorney's Office which revealed just how easily investigators could see the contents of a device.

Devices running Android 5.0 and newer cannot be remotely reset as they use full disk encryption.

However, this option is not switched on by default.

The report found that any device using an older version of the operating system is vulnerable to remote reset.

According to the Android Developer Dashboard, this is 74.1 per cent of Android devices currently being used.

'Forensic examiners are able to bypass passcodes on some of those devices using a variety of forensic techniques,' the report reads.

'For some other types of Android devices, Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device.

'This process can be done by Google remotely and allows forensic examiners to view the contents of a device.'

The report compares this against iOS by Apple. The company can't remotely bypass the passcode of any device running iOS 8 or higher, and provides full disk encryption by default.

To enable full disk encryption on newer Android devices, go to the 'security' or 'storage' sections of the settings.

According to mobipicker.com, the situation highlights the vulnerable state of the security system in Android OS.

For instance, in September it was revealed that a security flaw in the latest version of Android was leaving millions of handsets potentially at risk from criminals.

Researchers have found that entering a long string of text into the password field while the camera app is active causes the phone to crash. 

This in turn exposes the phone's homescreen and bypasses the need for a correct password.

If exploited, a hacker would then be able to access all the personal files on the phone as well as install malware to control the phone remotely.

The vulnerability was discovered by researchers at the University of Texas at Austin and affects devices running Android Lollipop 5.0 and above. 

'By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen,' explained John Gordon in a blog post. 

'At this point arbitrary applications can be run or developer access can be enabled to gain full access to the device and expose any data contained therein.'  

According to the blog post's step-by-step instructions, users can replicate the bug by typing a selection of random characters into the password field before selecting and copying them.

The researchers reported the flaw in June to the Android security team, which classified it as a 'low severity' issue.

Google later elevated it to a moderate severity issue and has since issued a fix for the flaw, under the build number LMY48M, but this fix only applies to its own range of Nexus devices. 

(dailymail.co.uk)


www.ann.az