CyberSecurityBoard
Sponsor Register Login

Researchers Bypassed Android Lock Screen using Driving mode

Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more.
This issue existed on the most recent versions of Android, such as Android 14 and 13.
Google has reported this issue, and a security patch is yet to be provided for the affected versions.
A researcher named Jose Rodriguez asked a question about accessing Google Maps links from the lock screen.
The question was posted on multiple platforms, including Twitter, Reddit, and Telegram, and it was stated that his Google Pixel was locked.
He found a method to bypass the lock screen and also mentioned that Google has been aware of this issue for at least six months.
The video provided by the researchers involves very simple actions with which an Android device can be successfully bypassed to the main screen.
The exploit has been differentiated with two perspectives DRIVING MODE enabled and DRIVING MODE disabled.
According to the video, the researcher used Google Assistant initially for the interpreter mode.
With this mode, users can translate their own language into English.
It also offers a keyboard for users to type their language.
Once the text is highlighted, Android's link discovery feature kicks in and detects the navigation for Google Maps.
Once the user clicks on the map icon above the highlighted text, the user is taken to Google Maps after some additional steps, and the Android lock screen is successfully bypassed.
If the DRIVING MODE is disabled, a threat actor can use this technique to access recent and favorite locations and contacts and share locations in real time with contacts or with an email that the attacker can enter manually.
If the DRIVING MODE is enabled, a threat actor can combine it with another exploit and gain full control over the Android device and the user's Google account.
The threat actor will need physical access to the victim's device as a prerequisite.
Users of Android with versions 13 and 14 are recommended to keep their devices secured with additional lock restrictions and do not lose their phone's physical access.


This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 11 Dec 2023 14:10:26 +0000


Cyber News related to Researchers Bypassed Android Lock Screen using Driving mode

Researchers Bypassed Android Lock Screen using Driving mode - Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more. This issue existed on the most recent ...
1 year ago Cybersecuritynews.com
Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
1 year ago Cysecurity.news
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
1 year ago Tenable.com
CVE-2025-21674 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, ...
4 months ago Tenable.com
Android to add new anti-theft and data protection features - Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. To protect your personal and ...
1 year ago Bleepingcomputer.com Snatch
CVE-2022-49441 - In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock ...
3 months ago Tenable.com
Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
1 year ago Securityzap.com Meow
CVE-2024-54460 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid ...
5 months ago Tenable.com
Monthly Threat Webinar Series in 2023: What to Expect - We firmly believe that the internet should be available and accessible to anyone and are committed to providing a website that is accessible to the broadest possible audience, regardless of ability. These guidelines explain how to make web content ...
2 years ago Trendmicro.com
CVE-2024-26629 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2024-54191 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is ...
5 months ago Tenable.com
CVE-2024-26775 - In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ...
1 year ago Tenable.com
CVE-2024-36003 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
8 months ago Techtarget.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
1 year ago Bleepingcomputer.com
CVE-2024-43098 - In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires &i3cbus->lock twice. See the log ...
5 months ago Tenable.com
CVE-2024-26732 - In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it ...
1 year ago Tenable.com
CVE-2023-52632 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 ...
1 year ago Tenable.com
CVE-2024-47744 - In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and ...
8 months ago Tenable.com
CVE-2025-23163 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 year ago Cysecurity.news
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials - Once installed, TsarBot uses overlay attacks by displaying fake login pages over legitimate applications, tricking users into entering sensitive information such as banking credentials, credit card details, and login passwords. Identified by Cyble ...
2 months ago Cybersecuritynews.com
CVE-2024-35895 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because ...
1 year ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)