Secure Your Android Device
Security is of utmost importance in the technological age. A researcher and bug hunter has uncovered a key discovery: a straightforward way to get past the lock screen on Android devices that have been fully patched. This vulnerability, also known as CVE-2022-20465, emphasizes how crucial it is to keep your Android smartphone updated in order to maintain its security. We’ll examine this vulnerability’s discovery process, potential repercussions, and—most importantly—how you can update your device to secure it.
Table of Contents
1. The Discover
The most recent Google Pixel smartphones, the Pixel 5 and 6, are in the possession of researcher Schütz. Schütz encountered a situation that many of us can identify with after returning from a 24-hour trip: his Pixel 6 ran out of juice. He realised he had forgotten the device’s PIN after plugging it in. The SIM card automatically locked itself after three unsuccessful tries, needing a PUK (Personal Unblocking Key) code to unlock it.
After the PUK entry, something unexpected happened. In place of the customary phase where the lock screen password is intended to be supplied before starting a fingerprint scan, the device requested a new PIN. Instead of the lock symbol, the fingerprint icon was visible on this brand-new boot. Schütz discovered that, in contrast to what he had anticipated, the device had accepted his fingerprint. Until he restarted it, it was stuck on a “Pixel is starting…” notice.
With the help of a proof-of-concept movie that was uploaded to YouTube, Schütz described this bypass.
2. The Repercussions
The high-severity Android issue with the tracking number CVE-2022-20465 has the potential to escalate privileges. Practically speaking, this means that a phone that is vulnerable could be completely controlled by anyone who has physical access to it. While mostly affecting Google Pixel smartphones, this issue may also affect other Android devices. It is recognised that versions 10, 11, 12, and 13 are weak points.
The worrying part is that Google knew about this flaw before Schütz disclosed it in July 2022. But the business didn’t actually deliver a patch until November of that same year.
4. Activate Your Android Device by Updating It
Keeping your Android device updated is the best way to protect it from potential risks like this bypass. Google advises users of Android 10, 11, 12, and 13 to install the security patch from 2022-11-05. How to check and update your device is as follows:
1. Check Your Device Version:
Open the Settings app on your device, find the “About phone” section (or a part with a similar name), and select “Android version.” Your OS details will be listed, along with the “Android version,” “Build number,” and “Android security patch level.”
2. Check for Updates:
Go to Settings > System update (or Software update, depending on your manufacturer) to make sure your device is running the most recent update available for its version. If an update is available, install it by adhering to the on-screen instructions.
By updating your device, you’ll get the newest features, bug fixes, and general enhancements in addition to resolving vulnerabilities like the one covered here.
Schultz’s simple lock screen bypass and other security flaws highlight how crucial it is to keep your Android device updated. This incident serves as a warning that our gadgets are continuously under attack, and that preserving security requires being vigilant and knowledgeable. You can dramatically lower your risk of being a victim of security vulnerabilities by swiftly deploying security patches and maintaining the software on your device. Make regular upgrades a priority in your digital routine to safeguard your privacy, personal information, and device operation.