Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Researcher discovered a new lock screen bypass bug for Android 14 and 13

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more. […]

Wi-Fi

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.

A couple of months ago, the researcher published multiple platforms, including Twitter, Reddit, and Telegram, asking if it was possible to open a Google Maps link from the lock screen because he couldn’t do it with his Pixel locked.

Rodriguez recently discovered that it is possible to bypass the lock screen and claimed that Google is also aware of the issue for at least six months and has yet to address it.

The expert reported the issue to Google in May and pointed out that at the end of November, there was still no scheduled date for a security update.

Rodriguez clarified that the impact of the exploits varies based on the user’s installation and configuration of Google Maps. The severity significantly escalates if the DRIVING MODE is activated.

Below are the two scenarios, and related levels of severity, described by the researcher:

  • If the user does NOT have DRIVING MODE activated: an attacker can access recent and favorite locations (home, work…), also contacts, and share location in real time with contacts or with an email that the attacker can enter manually.
  • If the user DOES have DRIVING MODE activated: by chaining another exploit, in addition to the accesses mentioned in the previous point, an attacker can access the photos of the device, to publish them or to add them as a profile image of the account. Google, and you also get access to extensive information and configuration of the Google account or accounts, with the possibility of gaining full access to the account from a second device and much more that is still to be investigated.

Rodriguez urges Android users to test the screen lock bypass on their phones and provide their comments, including the Android version and model of their devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Android)