Just because your Android screen is protected by a password doesn’t mean it is as safe as you thought it would be. In fact, if you chose a password instead of a PIN or pattern unlock to protect your Lollipop device, then anyone can get into your phone with a trivial hack that was just discovered and shared with the world.
All Android devices that run any version of Lollipop from Android 5.0 to Android 5.1.1 (before build version LMY48M) are susceptible to the hack as long as the lockscreen protection condition is met, research from the University of Texas shows. The vulnerability was discovered in late June, and Google, after being privately informed of the issue, escalated its severity from “Low” to “Moderate” by mid-July.
The hack works like this: you enter a very long string of characters when prompted for the password, and the smartphone is simply left dumbfounded. The lockscreen crashes and the attacker gets access to the full contents of the phone.
Google released Lollipop version LMY48M to Nexus devices recently, and the new build patches this major security issue. Unfortunately, not all other Android devices that are already on Lollipop will be swiftly updated to the latest build.
However, there is a way to fix this yourself. Just replace your password with a PIN, pattern lock, or fingerprint unlock, and you should be fine.
A proof-of-concept video showing the hack in action, and the required steps to make it possible, follows below.