Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits

Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez.
It has now been discovered that there is a new Google Maps bug which poses a serious threat by allowing hackers to access sensitive data, allowing them to access photos, contacts, browsing history, and other sensitive information.
It has been confirmed that Android users can attempt to access a Google Maps link while their phones are locked, and Rodriguez validated this security loophole by asking them to access it.
This was a very interesting discovery for Rodriguez as he tried to open links to Google Maps from the lock screen directly, and this caused the bug to appear.
The more concerning part is that Rodriguez claims that Google has been aware of the issue for at least six months without doing anything about it.
This is the latest security flaw that Rodriguez has found, and he reported it to Google in May, a specialist in discovering mobile security flaws.
There is still no security patch available from Google to address the vulnerability despite the latest updates that have been released.
It is believed that the vulnerability allows attackers to access and share recent and favourite locations as well as contacts depending on the way the user configures Google Maps.
It was Rodriguez's first attempt to open Google Maps from the lock screen, and he asked for assistance on several platforms, including Twitter, Reddit, and Telegram.
Later, he discovered the way around the lock screen bypass, indicating that Google had been aware of this problem for at least six months.
Although Google is aware of this vulnerability and has been notified about it, they have not yet addressed it, leaving users vulnerable to exploitation by threat actors with physical access to their devices, regardless of the severity of the vulnerability.
Google Maps' vulnerability varies from user to user, with severity increasing if the Driving Mode is activated, which results in a greater impact of the exploits.
An attacker can access recent and favourite locations and contacts of a user who does not have the DRIVING MODE, and share location information with their contact in real time.
In the second scenario, another exploit is chained to gain access to and publish photos of the user, extensively manipulate the Google account, and potentially gain full access to the account as well.
A user who is using an Android smartphone is encouraged to try the lock screen bypass and report what they find out.
By activating DRIVING MODE, the attacker will be able, through additional exploits, to gain access to photos, extensive details and configurations of Google accounts as well as the ability to gain total control of the account from another device, as well as the ability to access the account remotely.
Rodriguez recommends that Android users test the screen lock bypass on their phones and share feedback about the potential risks and vulnerabilities associated with this issue, including the Android version and device model.
A significant security flaw exists in the Google Pixel that can be exploited by swapping the SIM card from a locked device with one that has a known PUK code.
The response time from Google to security issues has been very slow, so it raises concerns about the company's commitment to promptly addressing security flaws that can potentially put users at risk.
This pattern raises questions about Google's commitment to addressing security flaws as soon as possible.


This Cyber News was published on www.cysecurity.news. Publication date: Wed, 13 Dec 2023 12:43:05 +0000


Cyber News related to Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits

Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
11 months ago Cysecurity.news
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
8 months ago Tenable.com
Android to add new anti-theft and data protection features - Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. To protect your personal and ...
6 months ago Bleepingcomputer.com
Researchers Bypassed Android Lock Screen using Driving mode - Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more. This issue existed on the most recent ...
11 months ago Cybersecuritynews.com
Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
11 months ago Securityzap.com
CVE-2024-26629 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2021-42017 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2024-36003 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2021-42016 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
5 months ago Darkreading.com
CVE-2024-26775 - In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ...
7 months ago Tenable.com
Raspberry Robin malware evolves with early access to Windows exploits - Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the ...
9 months ago Bleepingcomputer.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
1 month ago Techtarget.com
CVE-2024-26732 - In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it ...
7 months ago Tenable.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
8 months ago Cysecurity.news
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
6 months ago Bleepingcomputer.com
CVE-2024-47744 - In the Linux kernel, the following vulnerability has been resolved: KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Use a dedicated mutex to guard kvm_usage_count to fix a potential deadlock on x86 due to a chain of locks and ...
1 month ago Tenable.com
Monthly Threat Webinar Series in 2023: What to Expect - We firmly believe that the internet should be available and accessible to anyone and are committed to providing a website that is accessible to the broadest possible audience, regardless of ability. These guidelines explain how to make web content ...
1 year ago Trendmicro.com
CVE-2023-52632 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 ...
7 months ago Tenable.com
CVE-2021-37209 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2024-38867 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
4 months ago
CVE-2021-31895 - A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 ...
3 years ago
CVE-2022-45044 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
8 months ago
CVE-2024-38589 - In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before ...
5 months ago Tenable.com
CVE-2024-35895 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because ...
6 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)