Fix an Android vulnerability that lets anyone unlock your phone

0
12


An article image titled Anyone Can Unlock Your Android Device Without Password

Build: Fantastic (Stock war)

Your phone’s lock screen is meant to be a shield against the world (and the occasional unlock in your pocket). When your phone is locked, it cannot be unlocked without a passcode, face scan, or fingerprint. If your phone is lost or stolen You can be sure that you can’t do anything with it. Except now You can, thank you I recently discovered a vulnerability Allow anyone to bypass your Android device’s lock screen.

As the bleeping computer reportsCybersecurity researcher David Schutz has discovered a way to unlock both the Google Pixel 6 and Pixel 5 without knowing the passcode. This happened after my Pixel 6 died and I entered my PIN incorrectly three times. As a result, his SIM card was blocked, so he inserted a PUK (Personal Unlocking Key) to retrieve it.

However, once the SIM card is retrieved, the Pixel will prompt him to scan his fingerprint. This won’t happen because the Pixel (like most phones) requires a passcode to be entered to unlock after rebooting. You will be able to unlock the phone with your fingerprint only after successfully unlocking with the passcode.

Since then, Schutz has acknowledged that there is a legitimate weakness here. If an attacker inserts their SIM card into a target’s Android device and then enters the wrong SIM PIN three times, they can enter the SIM card’s PUK code to generate a new SIM PIN. Once you do this, they completely bypass the lock screen and access the phone. You can see a demonstration of the hypothetical attack in the video below:

Bypass Pixel 6 full lockscreen POC

Schutz alerted Google to the bug in June of this year, but it took five months for the patch to finally roll out. Still, there is good is Patch: It’s unclear how long this vulnerability has actually been out there This puts millions of Android devices at risk.

How to Fix Latest Lock Screen Vulnerability on Android

If you have a phone running Android 10, 11, 12 or 13, you must install the November 2022 security update to fix this vulnerability. If you’ve already installed the patch, you’re good to go! Otherwise install as soon as possible.

To install security patches on Android, go to Settings > System > System Update, and then allow the operating system to check for a new update If one is available, you can download and install it here. You can also check for security updates from Settings > Security > Google Security Check.



Source link