Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Android Vulnerabilities. Show all posts

Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits

 


Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. 

It has now been discovered that there is a new Google Maps bug which poses a serious threat by allowing hackers to access sensitive data, allowing them to access photos, contacts, browsing history, and other sensitive information. When a device is locked, there is still a possibility of unauthorized access to its content due to this vulnerability. 

It has been confirmed that Android users can attempt to access a Google Maps link while their phones are locked, and Rodriguez validated this security loophole by asking them to access it. This was a very interesting discovery for Rodriguez as he tried to open links to Google Maps from the lock screen directly, and this caused the bug to appear. 

The more concerning part is that Rodriguez claims that Google has been aware of the issue for at least six months without doing anything about it. This is the latest security flaw that Rodriguez has found, and he reported it to Google in May, a specialist in discovering mobile security flaws. There is still no security patch available from Google to address the vulnerability despite the latest updates that have been released. In his opinion, the company was aware of this issue in May, but it was only at the end of November that the update that would fix the error was finally released. 

It is believed that the vulnerability allows attackers to access and share recent and favourite locations as well as contacts depending on the way the user configures Google Maps. The first scenario occurs in those who do not enable Drive Mode. It was Rodriguez's first attempt to open Google Maps from the lock screen, and he asked for assistance on several platforms, including Twitter, Reddit, and Telegram. 

Later, he discovered the way around the lock screen bypass, indicating that Google had been aware of this problem for at least six months. Although Google is aware of this vulnerability and has been notified about it, they have not yet addressed it, leaving users vulnerable to exploitation by threat actors with physical access to their devices, regardless of the severity of the vulnerability. 

Google Maps’ vulnerability varies from user to user, with severity increasing if the Driving Mode is activated, which results in a greater impact of the exploits. An attacker can access recent and favourite locations and contacts of a user who does not have the DRIVING MODE, and share location information with their contact in real time. 

As a result of the vulnerability, two main scenarios can be exploited by whether Driving Mode is enabled. In the first scenario, attackers can reveal recent and favourite locations, as well as contacts, by accessing and sharing the more recent locations. In the second scenario, another exploit is chained to gain access to and publish photos of the user, extensively manipulate the Google account, and potentially gain full access to the account as well. 

A user who is using an Android smartphone is encouraged to try the lock screen bypass and report what they find out. By activating DRIVING MODE, the attacker will be able, through additional exploits, to gain access to photos, extensive details and configurations of Google accounts as well as the ability to gain total control of the account from another device, as well as the ability to access the account remotely. 

Rodriguez recommends that Android users test the screen lock bypass on their phones and share feedback about the potential risks and vulnerabilities associated with this issue, including the Android version and device model. A significant security flaw exists in the Google Pixel that can be exploited by swapping the SIM card from a locked device with one that has a known PUK code. 

This is a significant security flaw that can be exploited by an attacker with very little technical experience. The response time from Google to security issues has been very slow, so it raises concerns about the company's commitment to promptly addressing security flaws that can potentially put users at risk. A security update was released in November, following an incident that occurred in July. This pattern raises questions about Google's commitment to addressing security flaws as soon as possible.