This Android flaw thwarts the smartphone lock screen

A vulnerability has been found on Android that allows the lock screen of a smartphone to be bypassed. For this, it uses the phone’s multi-user mode, which allows you to create several sessions on one device.

The Honor Magic 4 Lite lock screen // Source: Frandroid – Robin Wycke

Security vulnerabilities in our smartphones are part of the daily life of many developers, although we do not always realize it. This July 15, for example, a new security threat has been discovered that is said to have infected three million Android devices. Added to this is a newly disclosed vulnerability allowing the lock screen to be bypassed by exploiting a breach in the multi-user mode on Android.

As a reminder, the multi-user mode allows you to add kinds of sessions, like what you find on Windows, but on Android. This is useful for devices that are shared by multiple people, for work or family with custom spaces.

A security flaw on Android to unlock a smartphone without the code

Maveris Labs community member Josué Nearchos posted an article on Medium in which he speaks ofCVE-2022-20006“. We learn there that he ispossible to briefly view what is behind the lock screenby distorting the level of permissions granted. “User interaction is not required for operation[de la faille]».

The problem is the transition between user profiles. In his article, Josué Nearchos explains how to unlock an Android smartphone without a code, password, etc. When switching from any profile to the target profile, one has to quickly click on the target profile as well as the home button. Once the manipulation has been completed, you can access the home screen of the target profile. It is not easy to achieve and the flaw is limited.

Lien YouTubeSubscribe to Frandroid

In effect, “if successful, you will be presented with the target users home screen and you will be able to browse and access anything in that target user profile for a limited time (usually 5-30 seconds) before the lock screen does not reappear“. While it may seem very unhelpful, it may be enough to install malware.

The prerequisites for making the fault work

Fortunately, certain conditions restrict the exploitation of the flaw. It requires physical access to the device, which must be running Android 10, 11, or 12,”with security patch levels prior to June 5, 2022“. A good reminder to make is that you have to update your devicesincluding security updates.

On top of that, three-button navigation needs to be enabled, not gesture navigation. Next, “lock screen must be enabled“, just like the multi-user function, with at least two users, even if one is a profile “guest ».

How to secure your smartphone, tablet or PC? The ultimate guide!How to secure your smartphone, tablet or PC? The ultimate guide!

Let’s face it, few of us have the right safety reflexes. However, our smartphones, our tablets and our PCs house a great deal of private data. So you are surely interested in following these…
Read more

To follow us, we invite you to download our Android and iOS app. You can read our articles, files, and watch our latest YouTube videos.

Related posts:

Unlock Your Imagination: Artificial Intelligence Roleplay for a Fun & Productive Experience
Samsung is doing very well with this free gift for the purchase of the Galaxy Z Flip 5
The planet with the most moons in the solar system
What to do if you forgot your MacBook password
At 2500 pounds .. the specifications of the new Nokia C30 phone
The Poco F4 GT arrives, hacked ticket machines in France, the recap
'Stardew Valley: The Board Game' board game is in stock
Where is the first manned moon exploration in half a century to land?

Grown, un roman poignant de Tiffany D. Jackson

Hemorrhage, resuscitation, excruciating pain… This clandestine abortion which almost turned into a tragedy!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.