Pierluigi Paganini
December 10, 2023
The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.
A couple of months ago, the researcher published multiple platforms, including Twitter, Reddit, and Telegram, asking if it was possible to open a Google Maps link from the lock screen because he couldn’t do it with his Pixel locked.
Rodriguez recently discovered that it is possible to bypass the lock screen and claimed that Google is also aware of the issue for at least six months and has yet to address it.
The expert reported the issue to Google in May and pointed out that at the end of November, there was still no scheduled date for a security update.
Rodriguez clarified that the impact of the exploits varies based on the user’s installation and configuration of Google Maps. The severity significantly escalates if the DRIVING MODE is activated.
Below are the two scenarios, and related levels of severity, described by the researcher:
Rodriguez urges Android users to test the screen lock bypass on their phones and provide their comments, including the Android version and model of their devices.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Android)
