If you own an Android phone it's vital that you make sure its software is fully updated to avoid being targeted by a very scary flaw. It appears that a serious bug in Google's operating system could allow hackers to gain full access to a device - and all of its personal contents - even when it's fully protected by a PIN code and biometric security such as a fingerprint or facial recognition.
The worrying bug was discovered accidentally by security expert David Schütz who found he could bypass the phone's lock screen by simply following a certain pattern of actions and changing the SIM card.
Posting a video on social media, Schütz revealed how placing the wrong finger on the in-built scanner three times would temporarily disable the biometric security.
Schütz then removed the SIM card and placed a brand-new one inside. He then found that if he entered the wrong PIN three times he'd be asked for the new SIM's PUK code - this is easily found on the packaging that the SIM ships with.
Once this code is entered, any PIN instantly worked with the device. That meant he could unlock it and swipe through all personal details and files held on the phone including photos, emails and texts.
Clearly, the hacker would need access to the device in the first place, as the trick can't be performed remotely, but it's still a pretty terrifying flaw that Google has rushed to fix.
It's thought the bug affects a swathe of Android versions including 10, 11, 12 and 13. The device that Schütz used to find the hack was a Pixel and there's no word on whether all Android phones are affected by the glitch.
However, if you haven't updated your device in a while, it's worth checking that it is fully up to date: Google released a patch on November 5 for the flaw, which is tracked as CVE-2022-20465.
As a thank you for his efforts, Google paid Schütz a $70,000 reward.
"I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked. The bug just got fixed in the November 5, 2022 security update.
"The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device. The vulnerability is tracked as CVE-2022-20465 and it might affect other Android vendors as well."
HOW TO CHECK YOUR OPERATING SYSTEM
• Open your phone's Settings app.
• Near the bottom, tap About phone and then Android version.
• Find your 'Android version', 'Android security update' and 'Build number'.
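For anyone checking several phones from a computer, the same 'Android version' and 'Android security update' fields can be read over adb and compared with the November 5, 2022 patch level. The script below is an added example, not part of the original article; it assumes adb is installed and USB debugging is enabled on the phone, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a device against the November 5, 2022 security
# update that the article says fixes CVE-2022-20465.
FIXED_LEVEL="2022-11-05"

# patch_status RELEASE PATCH_LEVEL
# Prints one of: patched | exposed | not-listed | unknown
patch_status() {
    release=$1
    level=$2
    # Patch levels are reported as YYYY-MM-DD; refuse to guess on anything else.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(echo "$level" | tr -d '-')
    need=$(echo "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then
        echo patched
        return
    fi
    # Below the fixed level: the article lists Android 10, 11, 12 and 13.
    major=${release%%.*}
    case $major in
        10|11|12|13) echo exposed ;;
        *)           echo not-listed ;;
    esac
}

# check_device [SERIAL]
# Reads both values from a connected phone (assumption: adb is on PATH).
check_device() {
    serial=${1:+-s $1}
    rel=$(adb $serial shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb $serial shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "Android $rel, security update $lvl: $(patch_status "$rel" "$lvl")"
}

# Run as: sh check.sh --adb [SERIAL]
if [ "${1:-}" = "--adb" ]; then
    check_device "${2:-}"
fi
```

A result of "exposed" means the phone still needs the update steps below; "unknown" means the patch level could not be read and should be checked by hand in Settings.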
HOW TO UPDATE YOUR PHONE
• Open your phone's Settings app.
• Near the bottom, tap System and then System update.
• You'll see your update status. Follow any steps on the screen.
https://news.google.com/__i/rss/rd/articles/CBMiamh0dHBzOi8vd3d3LmV4cHJlc3MuY28udWsvbGlmZS1zdHlsZS9zY2llbmNlLXRlY2hub2xvZ3kvMTY5NjY5MS9BbmRyb2lkLXdhcm5pbmctbG9jay1zY3JlZW4tYnVnLWZpeC1nb29nbGXSAQA?oc=5
2022-11-15 07:18:00Z