In this technology era, phones have evolved from wall telephones with spin dials to mobile touchscreen smartphones that can just about do anything. These phones are capable of keeping documents, pictorial memorabilia, and contacts of loved ones, colleagues, and acquaintances. Life has been made easy with phones. But even the smartest machine can have flaws, and people who use Android phones have been warned that anyone can bypass the lock screens on their phones without their password. In simple terms, it’s called a hack.
How can someone hack another device?
It has been done before, many times and it is still getting done. People can hack through other phones using different means. Sometimes when you are locked out of your phone, hacking is the way to go to unlock your phone. For example, using Google Find my device.
It is fairly easy when you have this application on your laptop or any other device. You go to the application and sign in to your Google account, at which point it will show you all devices that signed in to the account. From there, is a simple matter of choosing the device you want to unlock. Thereafter a lock sign pops on the screen and when you tap that, you can change your password and all will be well.
Another way of bypassing your phone’s lock screen without loss of information through resetting is using ADB. ADB stands for “Android debug bridge”, a commanding tool that allows you to make communication with your phone. This is how you use ADB:
- Connect your android device to a computer.
- In the ADB installation directory, open a command prompt window.
- On the window, type “ADB shell rm/data/system/gesture.key. Press enter
- After that, reboot your Android device. When you switch it back on, the security will have been dissolved.
But that is not all. There are many ways to hack into a phone and most times, it is to steal information kept in the phone.
A new bug in town
Recently, a man by the name of David Schutz who is a researcher from Hungary discovered a security bug that can bypass an Android phone’s lock screen. Needless to say, he came across this accidentally but it has earned him a reward from Google.
Schutz discovered a bug that is now known as CVE-2022-20465. He made this discovery on his Google Pixel 5 after a long day of travel. His battery was drained and he decided to charge it, only to be told to put in the PIN, which he tried unsuccessfully. He proceeded to say that the bug was strange.
The strange part is coming in where all you need to do to bypass the system is to switch out SIM cards. While it is not clear as to which Android phones can be affected by this bug, what is clear is Google took this a serious issue and immediately found a solution that fixed the bug. The solution, however, arrived five months after the bug was discovered.
How does CVE-2022-20465 work?
If you have access to a Google Pixel phone, all you need to do is enter at least three incorrect fingerprint scans. That will disable the biometric feature, which will then allow you to proceed.
The next step is to remove your SIM card and swap it for another. The phone will ask for a PIN, which has to be entered incorrectly as well. Then the phone will ask for a PUK number for the SIM card. From there, you can put in any password you can think of and just like that, access to the phone will be granted.
David Schutz is a man of expertise in this field and even he was shaken by the potential this bug has, or had if it couldn’t have been handled in good time.
The good thing is that Google reacted faster, even if it took them more than three months to find solutions to fix this bug. Schutz reported his findings in July and it was reported to be completely fixed in November 2022. It is a well-known fact that Google pays well to people who come across bugs that can be used as instruments of destruction against its operating system.
The usual amount is approximately $100,000 but Schutz was paid $70,000 because it is said that he discovered was second in line. Who discovered it for the first time isn’t known and credited but Schutz did the research and came up with proof of the vulnerability of Pixel phones and that is why he was rewarded with that amount. What is known of the first report on the bug is that Google failed to fix the bug that was reported before Schutz duplicated one.
Google has since reported that the bug has been fixed, even though it is not known whether this bug can only work with Google Pixels or all the other Androids.
However long it took Google to fix this bug, it is still a good thing that it got fixed, because that saves the bug from being used by hackers with malicious intentions. Some would want to use this to gather information about their contacts and use it unlawfully, while others will just want to get their hands on a little something to hack into their partners’ phones with no good reason but to use the knowledge gained to coerce, manipulate and even hurt them.
It is good to know that Google pays well to those who find these bugs and report them so that they get fixed in good time. Having that bug on the loose could do a great deal of mess and eventually ruin good phones.
For this bug to work properly, the hacker needs to have their hands on your gadget full time so however way you can, protect your gadgets at all costs and make sure they don’t land in the hands of thieves who will go to any lengths to extract the information they want.