CyberSecurityBoard
Sponsor Register Login

Researchers Bypassed Android Lock Screen using Driving mode

Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more.
This issue existed on the most recent versions of Android, such as Android 14 and 13.
Google has reported this issue, and a security patch is yet to be provided for the affected versions.
A researcher named Jose Rodriguez asked a question about accessing Google Maps links from the lock screen.
The question was posted on multiple platforms, including Twitter, Reddit, and Telegram, and it was stated that his Google Pixel was locked.
He found a method to bypass the lock screen and also mentioned that Google has been aware of this issue for at least six months.
The video provided by the researchers involves very simple actions with which an Android device can be successfully bypassed to the main screen.
The exploit has been differentiated with two perspectives DRIVING MODE enabled and DRIVING MODE disabled.
According to the video, the researcher used Google Assistant initially for the interpreter mode.
With this mode, users can translate their own language into English.
It also offers a keyboard for users to type their language.
Once the text is highlighted, Android's link discovery feature kicks in and detects the navigation for Google Maps.
Once the user clicks on the map icon above the highlighted text, the user is taken to Google Maps after some additional steps, and the Android lock screen is successfully bypassed.
If the DRIVING MODE is disabled, a threat actor can use this technique to access recent and favorite locations and contacts and share locations in real time with contacts or with an email that the attacker can enter manually.
If the DRIVING MODE is enabled, a threat actor can combine it with another exploit and gain full control over the Android device and the user's Google account.
The threat actor will need physical access to the victim's device as a prerequisite.
Users of Android with versions 13 and 14 are recommended to keep their devices secured with additional lock restrictions and do not lose their phone's physical access.


This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 11 Dec 2023 14:10:26 +0000


Cyber News related to Researchers Bypassed Android Lock Screen using Driving mode

Researchers Bypassed Android Lock Screen using Driving mode - Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more. This issue existed on the most recent ...
6 months ago Cybersecuritynews.com
Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
6 months ago Cysecurity.news
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
4 months ago Tenable.com
Android to add new anti-theft and data protection features - Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. To protect your personal and ...
1 month ago Bleepingcomputer.com
Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
6 months ago Securityzap.com
CVE-2024-26629 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
Monthly Threat Webinar Series in 2023: What to Expect - We firmly believe that the internet should be available and accessible to anyone and are committed to providing a website that is accessible to the broadest possible audience, regardless of ability. These guidelines explain how to make web content ...
1 year ago Trendmicro.com
CVE-2024-26775 - In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ...
3 months ago Tenable.com
CVE-2024-36003 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
7 months ago Bleepingcomputer.com
CVE-2024-26732 - In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it ...
3 months ago Tenable.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
7 months ago Darkreading.com
CVE-2023-52632 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 ...
3 months ago Tenable.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
6 months ago Bleepingcomputer.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
3 months ago Cysecurity.news
Google Researchers' Attack Prompts ChatGPT to Reveal Its Training Data - A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. ...
7 months ago 404media.co
CVE-2024-35895 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because ...
1 month ago Tenable.com
CVE-2024-38589 - In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before ...
2 weeks ago Tenable.com
CVE-2024-27014 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
CVE-2024-27010 - In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock ...
2 months ago Tenable.com
CVE-2023-52668 - In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking ...
1 month ago Tenable.com
CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2024-26725 - In the Linux kernel, the following vulnerability has been resolved: dpll: fix possible deadlock during netlink dump operation Recently, I've been hitting following deadlock warning during dpll pin dump: [52804.637962] ...
3 months ago Tenable.com
Driving into Tomorrow: The AI powered Car Takeover - In the next decade, a tech-driven revolution is set to transform our roads as 95% of vehicles become AI-powered connected cars. These smart vehicles, while promising enhanced safety and convenience, come with a catch-each generating a whopping 25 ...
5 months ago Cysecurity.news
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
3 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)