Android lock screen vulnerability could give attackers complete access to your phone — what to do


Attention, Android users — you need to update your phone.

According to Bleeping Computer, there is a way to completely bypass the Android lock screen on your phone, even on Android 13 smartphones. This vulnerability was discovered by cybersecurity researcher David Schütz, who accidentally bypassed the lock screen on his Pixel 6 after unintentionally locking his SIM card. The only caveat to this vulnerability is that the phone needs to have been unlocked once since its last reboot. It is also unclear whether this exploit works on a device that is using an eSIM, but it seems that it can work on any Android phone with a physical SIM slot.

Android lock screen bypass: How it works 

The Android lock screen bypass is relatively simple. Basically, anyone who has physical access to the phone and an extra SIM card can do it. 

Once the device’s screen is put to sleep, try to wake it up and unlock it. Since you don’t have the correct fingerprint or PIN, this won’t work. Once you fail enough times, the device will temporarily disable further attempts to unlock it.

Here’s where the exploit comes in. Once that temporary unlock disable is active, all the attacker needs to do is remove your SIM card and insert a SIM card of their own. After that, they just need to incorrectly enter the SIM PIN until the phone prompts them to enter the Personal Unlock Code/Personal Unlocking Key (PUC/PUK). As long as the attacker enters the PUC/PUK correctly, they will then be prompted to enter a new PIN for the SIM card. Once they set that PIN, the phone unlocks, giving the attacker full access to the device.

Again, this potentially affects all the latest and best Android phones, even though the vulnerability was discovered on a Google Pixel 6. So make sure, even if you bought a brand new device, to update to the latest version of Android and get the November 7 security patch. 

Malcolm McMillan
Streaming Editor