Android related to Google Fixed a number of vulnerabilities with the December 2022 security update. One of the serious vulnerabilities is a bug that lets you bypass the lock screen on most devices in less than a minute. The process does not require any special software or tools.
The result of the bypass is that the hacker has full access to the device’s contents. Serious Android vulnerability discovered by David Schütz. With it, you can unlock basically any Android smartphone. get a device pixel or Galaxy, you don’t need much effort to unlock it. You can view the data of a stolen phone or reset the device to continue earning money later.
This would be too easy for a hacker to accomplish.
The method is surprisingly simple. All the attacker has to do is hold the respective device and insert its own PIN-locked SIM card. You have to enter the wrong SIM PIN three times before you can get the PUK code. The attacker can then assign himself a new PIN for the SIM.
That’s all, because the lock screen of the device on Android disappears and access is free. If you want to try this, sorry it won’t work anymore. There is a solution and all upgraded systems are now better protected. The reason for the vulnerability lies in Android’s handling of different levels of security measures.
On his blog, Schütz provides detailed information and further details on the requirements necessary to successfully carry out the attack. Among other things, the attack only works if the smartphone has been unlocked and has been re-locked by the legitimate user since the last time it was unlocked.
The company is already up and running with the solution
According to Schütz, Google has already acknowledged the issue and paid him a $70,000 bounty for the bug. The internet company has already released a fix for the vulnerability with its latest monthly patch package for Android. The Android open source project code has also been updated to close the gap. Thus, the corresponding hotfixes are already included in the branches. AOSP For Android 13, 12, 11 and 10.
And the vulnerability isn’t just found in Google’s own smartphones. Most other vendors of vulnerable Android devices are also likely to update them in the form of updates. The vulnerability makes it clear that it is very important to always install the latest patches for Android.
Source: Cincodias Elpais