A flaw in Android makes it very easy for anyone to unlock an Android smartphone. Update your device quickly.
Your smartphone’s lock screen should be the last barrier between the world and your digital life. When the phone is locked, it cannot be unlocked without your password, your face, or your fingerprint. If you lose it or someone steals it, you don’t have to worry about someone doing something to it. But, unfortunately, at the time of this writing, many people know how to do it.
According to BleepingComputer, cybersecurity researcher David Schuetz has discovered a vulnerability that allows the Google Pixel 6 and Pixel 5 to be unlocked without a password. This happened after his Pixel 6 ran out of battery and also after he entered the wrong PIN three times. Then his SIM card was blocked. So he entered the PUK code to reactivate it.
However, once the SIM was reactivated, the Pixel asked him to scan his fingerprint. This shouldn’t happen as the Pixel (like most smartphones) requires you to enter a code to unlock it after a reboot. You should not be able to use your fingerprint to unlock your smartphone before successfully unlocking with a code.
So David Schütz saw this as a legitimate security flaw. If an attacker inserts his own SIM card into an Android smartphone, enters the wrong SIM code three times, then he can enter the PUK code to create a new SIM PIN code. After that, he can bypass the lock screen and access the phone. The process can be seen in the video below:
David Schutz announced his discovery to Google last June. It took Mountain View five months to come up with a fix, but it’s available. It’s hard to say how long this vulnerability has existed, but it could have compromised tens of millions of Android devices.
How to fix this Android flaw
If you have a smartphone running Android 10, 11, 12, or 13, you must install the November 2022 security update to fix the vulnerability. If you’ve done this before, great. If not, don’t delay!
To install a security patch, go to Settings > System > System Update and then ask the OS to check for a new update. If it is, download and install it. You can also check for security updates in Settings > Security > Google Security Check.