Researcher discovered a new lock screen bypass bug for Android 14 and 13



Pierluigi Paganini December 10, 2023


Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.


The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.


A couple of months ago, the researcher posted on multiple platforms, including Twitter, Reddit, and Telegram, asking whether it was possible to open a Google Maps link from the lock screen, because he couldn’t do it with his Pixel locked.


Rodriguez recently discovered that it is possible to bypass the lock screen, and claimed that Google has been aware of the issue for at least six months and has yet to address it.




The expert reported the issue to Google in May and pointed out that at the end of November, there was still no scheduled date for a security update.


Rodriguez clarified that the impact of the exploits varies based on the user’s installation and configuration of Google Maps. The severity significantly escalates if the DRIVING MODE is activated.


Below are the two scenarios, and related levels of severity, described by the researcher:


  • If the user does NOT have DRIVING MODE activated: an attacker can access recent and favorite locations (home, work…) and contacts, and can share the location in real time with contacts or with an email that the attacker can enter manually.

  • If the user DOES have DRIVING MODE activated: by chaining another exploit, in addition to the accesses m ..
