Millions of Android owners warned anyone can bypass your lock screen – update your phone now
ANDROID owners have been warned to update their smartphones immediately after an expert stumbled across a potentially dangerous security glitch.
Bug hunter David Schütz says he was able to bypass the lock screen on his Google Pixel devices with a few simple steps that anyone can do.
He found it by accident when the battery on his Pixel 6 had almost ran out after 24 hours of travelling.
It's not clear whether the same issue affects all Android devices, but it's serious enough for operating system owner Google to push out an update that fixes it.
The flaw can only be carried out when someone physically has your phone but it's still a massive risk if thieves get hold of it or even at the hands of an abusive partner.
According to , the weird bug is all to do with switching SIM cards.
Read More on The Sun
First you would need to deliberately put in three incorrect fingerprint scans, which temporarily disables the biometric features.
At this point, a hacker can remove the SIM card and put their own into the phone.
They enter three incorrect PIN attempts and are then asked to give a PUK (Personal Unblocking Key) code for the SIM.
Once this is done, you can enter any old PIN and you'll gain access to the device.
"This was disturbingly weird," he said.
"My hands started to shake at this point."
The expert even tested it on an up-to-date Pixel 5 to make sure it wasn't an isolated incident and he was still able to pull it off.
Schütz notified Google immediately but it took about three months until a fix was rolled out.
Apparently someone else had reported it before him but the tech giant still paid Schütz $70,000 for his efforts.
"Even though this bug started out as a not-too-great experience for me, the hacker, after I started “screaming” loudly enough, they noticed, and really wanted correct what went wrong," he said.
"Hopefully they treated the original reporter(s) fairly as well. In the end, I think Google did pretty well, although the fix timelime still felt long for me."
A patch for the flaw - officially known as CVE-2022-20465 - was included in the November 5, 2022 security update.
READ MORE SUN STORIES
Read more about Android
You should have updates on automatically, in which case your device is safe.
If you have them switched off, you should download and install the latest update as soon as possible.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you've been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk