Warning of Vulnerability in Android devices

The National Cyber Security Centre SK-CERT warns of a vulnerability in devices running Android versions 13 and 14.

The vulnerability lies in insufficient protection of the device even when the screen is locked. A threat actor needs physical access to the device to exploit this vulnerability and can then access sensitive data such as photos, contacts or browsing history.

The researcher who discovered the vulnerability says that its severity also depends on the “Driving mode” setting.

  • If the user does not have “Driving mode” activated, an attacker can:
      • access recent and favourite locations and contacts,
      • share this data, for example, with the attacker’s email address.

  • If the user does have “Driving mode” activated, the device becomes more vulnerable. An attacker can exploit this setting for even wider access to the data on the device. In addition, an attacker can gain access to:
      • the photos in the gallery,
      • the configuration of Google accounts.
      • Full access to the Google account from a second device is also not excluded.

The researcher recommends uninstalling Google Maps until the company releases a security update for the vulnerability.

Sources

  • https://securityaffairs.com/155588/hacking/android-14-13-lock-screen-bypass.html 
