Android Vulnerability Affecting Lock Screen

            Once phones are locked, they typically can only be unlocked with a passcode, fingerprint, or face scan.  However, due to a recent vulnerability, anyone is able to bypass an Android device’s lock screen.  That means anyone who gets their hands on your phone can easily access anything inside of it.

Bleeping Computer reported that Cybersecurity researcher David Schütz realized he could unlock a Google Pixel 5 and Pixel 6 without any knowledge of what the passcode is.  All an attacker needs to do is insert their own SIM card into the Android they are trying to break into.  If they enter the wrong SIM pin 3 times, and then enter their SIM’s PUK (Personal Unblocking Key), they will be able to create a new SIM PIN.  Once this is completed, they can now access the phone since they have bypassed the entire security of the lock screen.

Google ended up issuing a patch for this vulnerability, and it’s important to get this security flaw fixed as soon as possible.  For an Android that is running 10, 11, 12 or 13, you would need to install the November 2022 security update.  In order to do that, head to Settings > System > System Update, then let the OS look for a new update. If there’s one available, you can download and install it right from there.

Categorised in: IT Threat