Android cell phones must be updated: cybercriminals found a way to access the cell phone without the key

Spread the love

Taking advantage of a security flaw, a criminal could access the phone using another SIM

Android cell phones must be updated: cybercriminals found a way to access the cell phone without the key

A researcher found a security flaw in phones by modifying the SIM and changing the PIN of the lock screen.

Going through the lock screen of a phone requires entering a pin, pattern or facial recognition, however, a cybersecurity researcher found a vulnerability that criminals could take advantage of to access the phone without having the password.

David Schütz was the expert who found the bug on Android devices, so it caught the attention of Google, who have already corrected the bug with a patch for devices with this system, so the recommendation is to constantly check and update the phone.

It may interest you:

What was the admission process like

Everything starts by restarting the cell phone, since it must ask for the security pin to enter the phone. What Schütz did was enter the code wrong three times and that caused the SIM to be blocked, so he entered the PUK (personal unlocking key) to restore it.

Android cell phones must be updated: cybercriminals found a way to access the cell phone without the key

A researcher found a security flaw in phones by modifying the SIM and changing the PIN of the lock screen.

But when the mobile booted up again, it did not ask for the password, but rather to put your fingerprint to unlock, something that should not happen on any device, because that is an option that is da once the pin has been put on power up.

This way, if a criminal inserts his own SIM into the victim's phone, then enters the PIN incorrectly three times, he can enter his SIM's PUK and create a new pin to gain full access to the device.

< p class="paragraph">With this vulnerability, the criminal can modify other security settings, personal information, mail and see all the content by having the possibility of using the mobile as if it were his own.

Solution to this bug

Google already corrected the situation with a patch, so users on Android 10, 11, 12 and 13 should download the November 2022 security update to work around this vulnerability.

To do so, go to Settings> System > System update, then check for a new update, download and install it. Another method to get the patch is by going to Settings> Security> Google security check, from there you can also do the process to keep your phone safe.

Android cell phones should be updated: cybercriminals found the way to access the cell phone without the key

A researcher found a security flaw in phones when changing the SIM and changing the lock screen PIN.

It may interest you:

Spyware

The Google Threat Analysis Group (TAG) has reported that it has identified spyware on mobile devices >Samsung, which even explored vulnerabilities in the devices, although the situation has already been controlled and corrected.

There were three vulnerabilities that were used as a chain to take control of the cell phone, since the attackers had privileges to read and modify files and then expose them.

According to the investigation, the cell phones The attacks were carried out using the 4.14.113 kernel and the Exynos processor, which is mainly marketed in Europe, the Middle East and Africa.

In addition, the references in which the espionage was identified were the Galaxy S10, A50 and A51, where users were led to download a file outside the official stores, which allowed the cybercriminal to flee the testing area of the application designed to contain its activity and access the rest of the device's operating system.

This situation has already been corrected by Samsung, which has promised to disclose vulnerabilities that are actively exploited, as they already are doing Google and Apple.

Continue reading:

Posted in Uncategorized