
Android users urged to update their phones after expert discovers glitch

Author
news.com.au,
Publish Date
Thu, 17 Nov 2022, 11:36am
Android users have been urged to update their phones. Photo / 123RF

Android users have been urged to update their phones after an expert discovered a dangerous security breach.

Cybersecurity expert David Schütz accidentally uncovered a hack to unlock his Google Pixel devices without knowing the passcode.

The security researcher explained on his blog that he came across the issue by chance when he forgot the PIN code of his phone and had to use the PUK code (Personal Unblocking Key) to regain access. After completing the steps, Schütz noticed a vulnerability.

“It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing,” he wrote.

“It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device.”

Schütz exploited the bug in a video posted on YouTube.

It means that someone with access to your phone could deliberately enter three incorrect fingerprint scans to temporarily disable the biometric features.

A potential hacker could remove your SIM card and replace it with their own in your phone.

They might then enter an incorrect PIN three times before being prompted to provide a PUK code for the SIM, which would now be their own SIM card.

They would then enter the PUK and then be able to reset the PIN.

“This was disturbingly weird,” Schütz said. “My hands started to shake at this point.”

The security and bug bounty researcher tested the same steps on a Google Pixel 5 and received the same result.

Although it is a major risk, the attack can only be carried out if someone physically has your phone.

According to Schütz, the unusual bug involves switching SIM cards.

The fluke discovery led Schütz to report the issue to the operating system’s owner, Google.

The tech giant pushed out an update to fix the problem, three months after Schütz notified the company.

Schütz claims Google rewarded him US$70,000 for helping to find the glitch.

“Even though this bug started out as a not-too-great experience for me, the hacker, after I started ‘screaming’ loudly enough, they noticed, and really wanted to correct what went wrong,” he said.

“In the end, I think Google did pretty well, although the fix timeline still felt long for me.”

The fix for the Android bug was included in the November 5, 2022 security update.

- Belinda Palmada, news.com.au
