Update your Android or anyone can use this trick to unlock it

November 14, 2022

By Kim Komando

Before facial recognition became a standard feature on many smartphones, the primary method for unlocking the home screen was a secret number combination or pattern. But the problem is that many people can easily forget their PIN, locking themselves out.

But you need a way to keep people off your smartphone. After all, mobile phones are far more than just communication gadgets. They store photos, contacts, emails, and personal and financial data. 

But as with most technological advancements, someone will find a way to take advantage of the system. Read on to see why you must update your Android phone ASAP to prevent intrusions.

Here’s the backstory

Keeping your data safe and out of the hands of criminals is crucial in preventing identity fraud. So when a security researcher found out that he could bypass the lock screen of his Android phone, it raised some serious alarms.

Cybersecurity researcher David Schütz ran into a bit of trouble when his Google Pixel 6 ran out of battery life, and he then entered his PIN incorrectly three times. Pixel phones require you to enter the PUK code found on the SIM card’s original packaging after three failed PIN attempts. He managed to unlock his phone using the PUK code.

But this is when something unexpected happened. After selecting a new PIN, his lock screen looked different. The only authentication his Pixel wanted was a fingerprint.

He tested this a few times. In one experiment, he swapped out the SIM and selected a new PIN code. To his astonishment, his phone went directly to the unlocked home screen.  

“Since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation. The attacker could just swap the SIM in the victim’s device and perform the exploit with a SIM card with a PIN lock, for which the attacker knew the correct PUK code,” he explains in a blog post.

What you can do about it

Schütz couldn’t believe that he accidentally found a severe security vulnerability in his Android phone. Google is usually very astute in patching flaws of this severity, which makes the months it took to fix this one all the more troubling.

He discovered the flaw on his Pixel 6 and then tested his old Pixel 5, which also had the bug. He says all Pixel phones are susceptible to this exploit.

Through a lengthy process, Schütz reported the flaw to Google in June this year, but it wasn’t until earlier this month that a patch was made available. Anybody with a device running Android 10, 11, 12, or 13 must update to the latest version to fix this problem.

Here’s how you update your Android phone:

If the update is available, follow the on-screen instructions.

https://www.komando.com/tips/android/android-lock-screen-bug/