This is a flaw with Lollipop, the latest version of Android.

From the locked screen, open the phone’s “Emergency Call” feature. Type a few characters, then copy-and-paste the text repeatedly. The character “string” grows exponentially, so it quickly becomes close to 40,960 characters long.

Then open the phone’s camera app and prompt the phone to request a password. Paste the super long character string a few times until the system crashes. (Based on Gordon’s video, it looks like 163,840 total characters.)

Wait maybe five minutes, and the phone goes straight to the unlocked home screen.

And:

Google has acknowledged the flaw, saying that the hack lets someone who grabs your phone “view contact data, phone logs, SMS messages, and other data that is normally protected.”

Most importantly:

The patch is already available for Google’s own line of phones — the various Nexus models. But there’s no telling when it’ll reach Android devices made by Samsung, LG and others. Blame the Android’s fractured updating system, which is slowed down by phone manufacturers and cellphone network carriers.

That last is the fly in the ointment.