Android users are being warned to update their smartphones immediately after a cybersecurity expert discovered a dangerous security flaw in just a few basic steps.
Bug hunter David Schütz claims to have discovered how to bypass the lock screen on his Google Pixel devices by accident.
WATCH THE VIDEO ABOVE: How to actually turn off WiFi on your Android device.
Watch the latest news on Channel 7 or stream it for free on 7plus >>
He says his Google Pixel 6 battery was almost completely drained after a long day of travel when he discovered the simple steps to access the device.
If someone had your phone, the first step to gain access to the device would be to deliberately enter three incorrect fingerprint scans, temporarily disabling the biometric features.
A would-be hacker could remove the phone’s SIM card and replace it with their own.
Finally, they could enter three incorrect PIN attempts before being asked to provide a PUK (Personal Unblocking Key) code for the SIM, which, at this point, is now their SIM card. They would then enter the PUK and then be able to reset the PIN.
“That was disturbingly strange,” Schütz said.
“My hands started shaking at this point.”
Google Chrome urgent warning for millions of users
Remove immediately: Urgent warning about applications installed by more than 20 million users
The cybersecurity expert tried the same process on a Google Pixel 5, with the same result.
The process can only take place when someone physically has your phone, but it’s still a massive risk if thieves get their hands on it, or even in the hands of an abusive partner. According to Schütz, the strange error has to do with changing SIM cards.
The crash was serious enough that the operating system’s owner, Google, released an update to fix the problem, albeit three months after Schütz said he notified the company.
Schütz claims Google paid him $70,000 to help find the flaw.
“Although this bug started out as a not-too-great experience for me, the hacker, after he started ‘shouting’ loud enough, took notice and really wanted to fix what was wrong,” he said.
“In the end, I think Google did pretty well, although the fix timeline still seemed long to me.”
A patch for the bug was included in the November 5, 2022 security update.
Millions of Facebook users urged to use a tool that protects your messages
The little sign on your Android that everyone should know
If you want to see this content, please adjust your cookie settings.
For more information on how we use cookies, see our Cookies Guide.