Android Vulnerability Allows Anyone to Bypass the Lock Screen

November 14, 2022 / meritsolutions

When setting up your smartphone, choosing a strong passcode and utilizing available biometric authentications (like face and fingerprint scans) are usually enough to keep intruders away. However, a newly discovered Android vulnerability means anyone can bypass the lock screen and break into your smartphone.

The new vulnerability comes to us from cybersecurity researcher David Schütz. Schütz was using his Pixel 6 smartphone when it ran out of battery. When it powered back on, he needed to enter his SIM PIN, which he attempted three times, each incorrectly. Luckily, he was able to enter his PUK (personal unblocking key) to restore the SIM right away. However, in doing so, he noticed something odd.

Now that he had restored the SIM and the phone was ready to go, the Pixel was allowing him to scan his fingerprint to unlock the phone. That’s not how things are supposed to go: once a phone reboots, it requires the passcode before allowing biometric authentication options like fingerprints or face scans. Because the Pixel had just turned on, it shouldn’t have given him the option to unlock via a fingerprint.

What he found, though, was that he could unlock the phone even without his fingerprint, discovering a major security flaw. A hacker could steal or otherwise gain access to a target’s Android smartphone, swap the target’s SIM for their own, enter the SIM PIN incorrectly three times, then enter the correct PUK for the SIM. After that, Android would unlock the phone, no passcode required.

Obviously, this is bad news. The flaw affects all devices running Android versions 10, 11, 12, and 13, which encompasses a staggering number of smartphones. Luckily, Google already has a patch, which it included with the recent November 2022 security update.

If you already installed the November security patch on your Android smartphone, your device is protected from this vulnerability. If not, make sure you update ASAP from Settings > System > System Updates. iPhones are not affected by this vulnerability and do not need to update.
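For anyone checking more than one handset, the script below applies the article's two facts (affected versions 10 through 13, fix shipped in the November 2022 security update) to the values a device reports. It is an added example, not code from the article or from Google; the function names are hypothetical, and reading "November 2022" as a patch level of 2022-11 or later is an assumption.

```shell
#!/bin/sh
# Added example. Assumption: the article's "November 2022 security update"
# is read as a reported security patch level of 2022-11 or later.
FIXED_YM=202211

# classify RELEASE PATCH -> prints PATCHED, EXPOSED, NOT_LISTED or UNKNOWN
classify() {
    release=$1
    patch=$2
    major=${release%%.*}                 # "12.1" -> "12"
    case $major in
        10|11|12|13) ;;                  # versions the article lists as affected
        ''|*[!0-9]*) echo UNKNOWN; return ;;
        *) echo NOT_LISTED; return ;;    # article makes no claim about these
    esac
    case $patch in                       # patch level is reported as YYYY-MM-DD
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return ;;       # missing or malformed value
    esac
    month=${patch%-*}                    # "2022-11-05" -> "2022-11"
    ym=${month%-*}${month#*-}            # "2022-11"    -> "202211"
    if [ "$ym" -ge "$FIXED_YM" ]; then echo PATCHED; else echo EXPOSED; fi
}

# audit_connected: print serial, release, patch level and verdict for every
# device adb can see. Requires adb on PATH and USB debugging authorized.
audit_connected() {
    adb devices | awk 'NR>1 && $2=="device" {print $1}' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the remaining serials on stdin
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        pat=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\t%s\n' "$serial" "$rel" "$pat" "$(classify "$rel" "$pat")"
    done
}

# Run against attached devices only when asked to: sh check.sh --adb
if [ "${1:-}" = "--adb" ]; then audit_connected; fi
```

On the phone itself, the same patch level appears in the Android version screen under Settings; an UNKNOWN verdict means the value should be read manually.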

Photo by Denny Müller on Unsplash
