Heads up, Android users! A new lock screen bypass demonstrates the security vulnerability in Android 13 and 14 devices that risks stored data. While Google knows the issue, a patch is not yet available. However, the tech giant has pledged to address the matter with the February 2024 update.
Android 13, 14 Lock Screen Bypass Exposes Stored Data
Security researcher Jose Rodriguez recently disclosed a new lock screen bypass vulnerability affecting the latest Android 13 and Android 14 devices.
As demonstrated in a video (shared below), the researcher could bypass the lock screen on an Android 14 device. Exploiting the vulnerability required the researcher to open a Google Maps link directly via the lock screen. Once done, returning from Google Maps could allow explicit access to the device.
This lock screen bypass typically affects the latest Android 13 and 14 OS versions, allowing an adversary to access the data in the device. Anyone with physical access to the target device can exploit the flaw, gaining access to the victim user’s Google account data, stored photos, contacts, browser data, and more.
Regarding the exploit, the researcher explained that its severity depends on the Google Maps configuration on the target device.
First, if the user has the Driving Mode disabled on Google Maps, then an adversary may access the device’s recent and favorite locations and contacts, share the location with contacts, or with the attacker’s own email address.
Second, with the Driving Mode enabled, an attacker may further access and meddle with the victim users’ Google account data, potentially performing many other malicious actions.
Patch To Arrive Soon
The researcher reported the vulnerability to Google in May. However, the tech giant hasn’t addressed the matter even after six months (till November). Hence, the researcher went ahead with public disclosure to inform the users of the risks. Nonetheless, Google BugHunters informed the researcher to address the flaw with the February 2024 update.
But for now, no patch exists to secure the vulnerable devices. Therefore, the researcher advised the users to simply uninstall Google Maps from their devices to prevent the exploit until a patch arrives.
Let us know your thoughts in the comments.
