Google fixed a number of Android vulnerabilities with the November 2022 security update. One of the serious ones is a bug that allows the lock screen of most devices to be bypassed in under a minute. The process does not need any special software or tools, and the result of the bypass is that the attacker has full access to the contents of the device. The vulnerability was discovered by David Schütz. With it, basically any Android smartphone can be unlocked. Whether it's a Pixel or a Galaxy device, little effort is needed. Someone holding a stolen phone can view its data or reset the device in order to monetize it.
All you need is a new SIM with PIN and PUK protection
The method is surprisingly simple. The attacker only has to hold the respective device in their hands and insert their own PIN-locked SIM card. The SIM PIN must then be entered incorrectly three times before the PUK code is entered. The attacker can then assign a new PIN for the SIM themselves. That's it, because the Android-side lock screen of the device then disappears and access is free. If you want to try this, it won't work anymore: there is a fix, and all updated systems are now better protected. The cause of the vulnerability lies in Android's handling of the various levels of security measures.
Google patches Android lock screen vulnerability – pays out $70,000 bug bounty
Schütz has published detailed information on his blog, including the requirements for successfully carrying out the attack. Among other things, the attack only works if the smartphone has already been unlocked and then locked again by the legitimate user since it was last switched on.
According to Schütz, Google has already confirmed the problem and paid him a $70,000 bug bounty. The company has published a fix for the vulnerability with the latest monthly patch package for Android. The Android Open Source Project's code has also been updated to close the gap, so the corresponding fixes are already included in the AOSP branches for Android 13, 12, 11 and 10.
The vulnerability does not only exist in Google's own smartphones, so most other vendors of vulnerable Android devices are also likely to ship the fix in the form of updates. The vulnerability makes it clear that it is very important to always install the latest patches for Android.