A massive bug in Android's lock screen gives attackers access to your photos and other personal data

A massive bug in Android's lock screen gives attackers access to your photos and other personal data

Despite being primarily concerned about hackers compromising our devices through malware and malicious apps, a newly discovered bug could allow an attacker with physical access to one of the best Android phones to see photos, contacts, browsing history stored on the device, other personal data, could potentially be able to view

As reported by Security Affairs, a security researcher named Jose Rodriguez discovered a new lock screen bypass vulnerability affecting smartphones running Android 13 or Android 14

Rodriguez discovered that it was possible to do so by exploiting the vulnerability after asking on social media whether it was possible to open a Google Maps link from his smartphone's lock screen

To make matters worse, Rodriguez claims to have reported the issue to Google in May of this year, but six months later, it still has not been patched Hopefully the search giant will address this bug soon, but until then, here's everything you need to know about this lock screen circumvention bug and what you can do right now to minimize its impact

The way an attacker could exploit this vulnerability to access data stored on your smartphone depends on how you have Google Maps configured

If drive mode is not enabled, attackers can access not only your contacts, but also your most recently visited and favorite places (such as home and work) From here, they can also share your phone's location in real time with any contact or via email, which must be entered manually

However, if Drive Mode is enabled, an attacker can chain this exploit with another exploit to access photos stored on your device and publish them or add them to your Google account as a profile picture or even add them as profile pictures to your Google account At the same time, attackers can also access extensive information about your account and how it is set up Rodriguez is currently investigating this part of the attack

Uninstalling Google Maps from your phone would prevent attackers from taking advantage of this lock screen bypass bug, but since it is a system app, it cannot be uninstalled

In an email to Tom's Guide, a Google spokesperson clarified, "We are aware of this reported issue and are working on a fix However, we do not yet have a timeline for when it can be rolled out to affect Android smartphone users

Given what we know so far about this lock screen circumvention bug, those who are truly concerned about attackers gaining access to their Android smartphones should consider disabling Google Maps' driving mode for the time being While there is no proprietary guide to this process, this support document from Google describes exactly what is needed to enable or disable driving mode

It is worth noting, however, that an attacker would need to have physical access to your smartphone in order to exploit this bug Therefore, until a patch is released to fix this issue, it would be safe to keep your smartphone out of sight In other words, you should not leave your smartphone on the table when eating out Similarly, when using a cell phone in public, you want to be aware of your surroundings, as someone could snatch the phone out of your hands

As for cyber attacks and other ways hackers can break into your phone online, the best Android antivirus apps can help keep you safe from malware, malicious apps, and other threats But if you're on a tight budget, you want to make sure Google Play Protect is enabled on your device, as it can also scan all of your existing apps and any new ones you download for malware stuff

This lock screen bypass bug is quite serious and applies to the latest versions of Android, so Google is already working on a fix, which could be rolled out soon

Categories