Android lock screen vulnerability could give attackers complete access to your phone — what to do

Share

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Attention, Android users — you need to update your phone.

According to Bleeping Computer, there is a way to completely bypass the Android lock screen on your phone, even on Android 13 smartphones. This vulnerability was discovered by cybersecurity researcher David Schütz, who managed to accidentally bypass the lock screen on his Pixel 6 when unintentionally locking his SIM card. The only caveat to this vulnerability is the phone needs to have been unlocked once since its last reboot. It is also unclear if this exploit can work on a device that is using an eSIM, but it seems that it can work on any Android phone with a physical SIM slot. 

The good news is that Google is aware of the issue and has already fixed this vulnerability in its November 7 security update. So as long as you have that installed, you should be good to go. The flaw affects devices running Android 10 or later, so if you have an Android device you should make sure you have all the latest updates. The bug was only found on Google Pixel 6 and Google Pixel 5, but there’s nothing that indicates that the issue is inherently limited to Pixel phones. If you have any Android phone, just play it safe and update. 

Android lock screen bypass: How it works 

The Android lock screen bypass is relatively simple. Basically, anyone who has physical access to the phone and an extra SIM card can do it. 

Once the device’s screen is put to sleep, try to wake it up and unlock it. Since you don’t have the correct fingerprint or PIN this won’t work. Once you fail enough times the device will temporarily disable further attempts to unlock it.

Here’s where the exploit comes in. Once that temporary unlock disable is active, all the attacker needs to do is remove your SIM card and insert a SIM card of their own. After that, they just need to incorrectly enter the SIM PIN until the phone prompts them to enter the Personal Unlock Code/Personal Unlocking Key (POC/PUK). As long as the attacker enters the POC/PUK correctly they will then be prompted to enter in a new PIN for the SIM card. Once they set that PIN, the phone unlocks, giving the attacker full access to the device.

Again, this potentially affects all the latest and best Android phones, even though the vulnerability was discovered on a Google Pixel 6. So make sure, even if you bought a brand new device, to update to the latest version of Android and get the November 7 security patch.