The most famous and widely used smartphones nowadays run the Android operating system.
There are plenty of reasons for its widespread market share, including its vast variety, its affordability and, most importantly, its reputation for up-to-date software.
The major concerns of users are specifications like camera, processor, RAM, apps etc.
No one really bothers about security-related issues because we are able to see only what we are made to see.
“THE CLOSER YOU LOOK THE LESS YOU SEE”.
Also, in the present age there is nothing more valuable than keeping your information secure.
Confidentiality and privacy are the two major concerns that need proper attention these days because of the increased security threats and attacks.
Common users are totally unaware of how and for what purposes their devices can be used, and of how they can be put in danger.
Password Based Encryption (PBE)
PBE is the most commonly used feature for meeting the needs of privacy, confidentiality and integrity.
What PBE really does is set up a password so that only the authenticated user can access the device, data or information.
PBE is used mainly for the protection of sensitive data.
Android Security Features
Android provides mainly three types of security for locking the phone.
- Screen Lock Pattern
All three lie under the Android security module.
People think that the pattern is highly secure, as PINs and passwords can be sniffed by many available software tools such as keyloggers, which keep track of every key the user presses, but we will discuss the security threats that are present in Android.
Threat in Android Security
Apart from the popularity of Android, it is also a vital fact, reported by the firm F-Secure, that 99% of mobile malware is designed specifically for attacks on Android.
We live in a culture where we have access to everybody, which indirectly means that our information is vulnerable to the same degree.
Several studies have been conducted to test the security of the Android system.
A recent study at Texas University has shown that patterns can be bypassed by using a lengthy string.
This bug has no effect on PINs and passwords.
What does the Android bug really do?
The trick hackers use behind this threat is to exploit the emergency call dialer screen.
Every device provides the emergency call dialer, whichever security module is being used for protection.
Hackers have used this feature for their own ends.
What they really do is briefly explained below.
Steps for Exploiting the Lock Screen Protection
- Hackers type several lengthy strings or characters in the emergency dialer
- Copy the entered string/characters to the clipboard
- Swipe open the camera app from the locked phone
- Select option menu from the top
- A password prompt will open swiftly
- Keep pasting the characters copied to the clipboard in step two
- Continue pasting until the phone crashes
- The phone will be unlocked even though the password entered was incorrect
- Vulnerable sets will show no error message and will open
- Now the attacker has gained access to the device
Note: the steps are applicable to a locked phone.
Consequences of the bug
Once the attacker has gained access to the device, any software can be installed without the consent of the user.
The situation will be even worse if ADB developer access has been enabled, as it allows remote access to data and can be exploited as well.
The sandbox of the device can also be affected.
It is of prime importance as it restricts different apps from reading each other’s passwords.
It can be manipulated in such a way that the restrictions on apps are completely violated: apps can read and access each other’s files, manipulate the content or even erase all the information and data available on the Android smartphone.
An exploited set needs special software to rectify the problem.
Users should choose their apps and software wisely.
Sets that have suffered completely should change their method of protection to PIN, password or pattern.
The problem has been rectified in Google’s Nexus, and the fix will be available in the next software updates.
It is not a matter of hours or days for an update to reach common users.
Even many Nexus users have not received the update that is claimed to have been delivered to rectify the issue.
However, the main victim of this flaw was Nexus, so only a small fraction of sets is affected compared to the wide availability of Android.
Article Written by: Sidra Aleem