you shall not pass

Millions of Android owners warned anyone can bypass your lock screen – update your phone now

ANDROID owners have been warned to update their smartphones immediately after an expert stumbled across a potentially dangerous security glitch.

Bug hunter David Schütz says he was able to bypass the lock screen on his Google Pixel devices with a few simple steps that anyone can do.

Advertisement
Experts demonstrates how easy the hack is to pull offCredit: David Schütz

He found it by accident when the battery on his Pixel 6 had almost ran out after 24 hours of travelling.

It's not clear whether the same issue affects all Android devices, but it's serious enough for operating system owner Google to push out an update that fixes it.

The flaw can only be carried out when someone physically has your phone but it's still a massive risk if thieves get hold of it or even at the hands of an abusive partner.

According to , the weird bug is all to do with switching SIM cards.

Advertisement

First you would need to deliberately put in three incorrect fingerprint scans, which temporarily disables the biometric features.

At this point, a hacker can remove the SIM card and put their own into the phone.

They enter three incorrect PIN attempts and are then asked to give a PUK (Personal Unblocking Key) code for the SIM.

Once this is done, you can enter any old PIN and you'll gain access to the device.

Advertisement

Most read in Tech

STAR WARS
'Mind-boggling' Chinese space weapons - from 'Death Star' to secret space plane
STARRY EYED
Northern Lights set for ‘once in a decade’ return to UK, reveals Met Office
MAKING A SPLASH
Vid catches elephant's surprise talent - and a cheeky prank by her zoo pal
UNSTOPPABLE DINO
World’s toughest dino had bulletproof armour, ‘best ever fossil’ reveals

"This was disturbingly weird," he said.

"My hands started to shake at this point."

The expert even tested it on an up-to-date Pixel 5 to make sure it wasn't an isolated incident and he was still able to pull it off.

Schütz notified Google immediately but it took about three months until a fix was rolled out.

Advertisement

Apparently someone else had reported it before him but the tech giant still paid Schütz $70,000 for his efforts.

"Even though this bug started out as a not-too-great experience for me, the hacker, after I started “screaming” loudly enough, they noticed, and really wanted correct what went wrong," he said.

"Hopefully they treated the original reporter(s) fairly as well. In the end, I think Google did pretty well, although the fix timelime still felt long for me."

A patch for the flaw - officially known as CVE-2022-20465 - was included in the November 5, 2022 security update.

Advertisement

You should have updates on automatically, in which case your device is safe.

If you have them switched off, you should download and install the latest update as soon as possible.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.



We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk

Advertisement

Topics
Advertisement
machibet777.com