A new, dead-simple attack could allow anyone who gets their hands on it to bypass that password lock with no more skill than it takes to cut and paste a long string of characters.

A security analyst at the University of Texas's information security office in Austin has discovered that the widespread version 5 of Android is vulnerable to an easy lock-screen-bypass attack. The hack consists of basic steps like entering a long, arbitrary collection of characters into the phone's Emergency Call dial pad and repeatedly pressing the camera shutter button. UT's John Gordon, who outlines the full hack in this security notice and demonstrates it in the video below, says the trick offers full access to the apps and data on affected phones. And by using that access to enable developer mode, he says that an attacker could also connect to the phone via USB and install malicious software.

"My concern when I found this…was thinking about a malicious state actor or someone else with temporary access to your phone," he says. "If, say, you give your phone to a TSA agent during extended screening, they could take something from it or plant something on it without you knowing.