Fix an Android security flaw that allows anyone to unlock your phone


Your phone’s lock screen is meant to be a protection against the world (and the occasional unlock in your pocket). When your phone is locked, it cannot be unlocked without a passcode, face scan or fingerprint. If you lose your phone or someone snatches it from you, you can rest assured that they will not be able to do anything with it. Except now they can, thanks to a recently discovered vulnerability that allows anyone to bypass your Android device’s lock screen.

As reported by Bleeping Computer, cybersecurity researcher David Schütz has discovered a way to unlock both the Google Pixel 6 and Pixel 5 without having to know the passcode. It happened after his Pixel 6 ran out of charge, and after he entered his PIN incorrectly three times. His SIM card was then locked, so he entered a PUK (Personal Unlocking Key) to recover it.

However, once the SIM card was recovered, the Pixel asked him to scan his fingerprint. This shouldn’t happen, because Pixels (as well as most phones) require you to enter the passcode in order to unlock after a reboot. You should not have the option to use your fingerprint to unlock the phone until after one successful unlock with the passcode.

From there, Schütz realized there was a legitimate security vulnerability here. If an attacker inserts their own SIM card into the target’s Android device, and then enters the wrong SIM PIN three times, they can enter the SIM’s PUK code to set a new SIM PIN. Once they do that, they bypass the lock screen completely and get into the phone. You can watch a demonstration of the hypothetical attack in the video below:

Pixel 6 Full Lockscreen Bypass POC

Schütz brought this flaw to Google’s attention back in June of this year, but it took five months to finally release the patch. Still, it’s good that there is a patch: it’s not clear how long this vulnerability has actually been floating around, and it puts millions of Android devices at risk.

How to fix the latest lock screen vulnerability on Android

If you have a phone running Android 10, 11, 12 or 13, you need to install the November 2022 security update in order to patch this vulnerability. If you have already installed the patch, you are good to go! If not, install it ASAP.

To install the security patch on Android, head over to Settings > System > System Update, then allow the operating system to check for a new update. If there is one available, you can download and install it from there. You can also check for security updates from Settings > Security > Google Security Check.
