Bypassing the phone’s lock screen requires entering a PIN, pattern or facial recognition, but a cyber security researcher has discovered a vulnerability that criminals can exploit to gain access to the phone without a password.

David Schutz There was an expert who discovered a flaw in the devices AndroidFor which he attracted attention Googlewhich have already fixed the bug with a patch for devices with this system, so it is recommended to constantly check and update the phone.

You may be interested in:

What was the admissions process like?

It all starts with restarting the mobile phone as it needs to ask for a security pin to access the phone. What he did Schutz There were three times he entered the code incorrectly and it blocked the SIM, so he entered the PUK (Personal Unblocking Key) to reset it.

But when the mobile turns on again, it didn’t ask for the password, but to set the fingerprint to unlock, which doesn’t happen on any device, because it’s an option given after entering the pin. on it.

This way, if a criminal inserts his own SIM into the victim’s phone and then enters the PIN incorrectly three times, he can enter his SIM PUK and generate a new PIN to gain full access to the device.

With this vulnerability, a criminal can change other security settings, personal information, mail and view all content using the mobile as if it were their own.

The solution to this error

Google The situation has already been fixed with a patch, so Android 10, 11, 12 and 13 users should download the November 2022 security update to avoid this vulnerability.

To do this, go to Settings > System > System Update, then check for a new update, download and install it. Another method to get the patch is Settings > Security > Security Check GoogleFrom there, you can also take steps to keep your phone safe.

You may be interested in:

spyware

The Google Threat Analysis Group (TAG) announced that it has identified spyware on mobile devices Samsungwhich came to study the vulnerability of the devices, although the situation has already been controlled and fixed.

There were three vulnerabilities that were used as a chain to take control of a mobile phone, as attackers had privileges to read and modify files to reveal them later.

According to the investigation, the mobile phones in which the attacks were carried out were those using the kernel 4.14.113 and the processor. Exynos, which is mainly sold in Europe, Middle East and Africa.

In addition, the reports in which the spyware was identified were the Galaxy S10, A50 and A51, where users were led to a file outside the official stores, which allowed the cybercriminal to escape from the test area of ​​the application that was created. Enter your activity and access the rest of the device’s operating system.

This situation has now been fixed samsung, Those who are required to disclose the vulnerabilities they are actively exploiting, as they already do Google and Apple.

Continue reading: