Millions of Android users warned anyone can bypass your lock screen – update now
ANDROID owners have been warned to update their smartphones immediately after an expert stumbled across a potentially dangerous security glitch.
Bug hunter David Schütz says he was able to bypass the lock screen on his Google Pixel devices with a few simple steps that anyone can do.
He found it by accident when the battery on his Pixel 6 had almost ran out after 24 hours of travelling.
It’s not clear whether the same issue affects all Android devices, but it’s serious enough for operating system owner Google to push out an update that fixes it.
The flaw can only be carried out when someone physically has your phone but it’s still a massive risk if thieves get hold of it or even at the hands of an abusive partner.
According to Schütz, the weird bug is all to do with switching SIM cards.
First you would need to deliberately put in three incorrect fingerprint scans, which temporarily disables the biometric features.
At this point, a hacker can remove the SIM card and put their own into the phone.
They enter three incorrect PIN attempts and are then asked to give a PUK (Personal Unblocking Key) code for the SIM.
Once this is done, you can enter any old PIN and you’ll gain access to the device.
“This was disturbingly weird,” he said.
“My hands started to shake at this point.”
The expert even tested it on an up-to-date Pixel 5 to make sure it wasn’t an isolated incident and he was still able to pull it off.
Schütz notified Google immediately but it took about three months until a fix was rolled out.
Apparently someone else had reported it before him but the tech giant still paid Schütz $70,000 for his efforts.
“Even though this bug started out as a not-too-great experience for me, the hacker, after I started “screaming” loudly enough, they noticed, and really wanted correct what went wrong,” he said.
“Hopefully they treated the original reporter(s) fairly as well. In the end, I think Google did pretty well, although the fix timelime still felt long for me.”
A patch for the flaw – officially known as CVE-2022-20465 – was included in the November 5, 2022 security update.
You should have updates on automatically, in which case your device is safe.
If you have them switched off, you should download and install the latest update as soon as possible.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.