Android 14 and 13 reportedly affected with a new lock screen bypass bug

Security researcher Jose Rodriguez has discovered a new lock screen bypass bug that affects Android 14 and 13, putting users’ sensitive information stored in Google accounts at risk. This newly identified bug, targeting Google Maps, poses a serious threat as it allows hackers to access sensitive data including photos, contacts, browsing history, and more.

The vulnerability allows unauthorized access to a device’s content even when it’s locked. Rodriguez validated this security loophole by asking Android users to attempt accessing a Google Maps link while their phones were locked.

And even though Rodriguez reported the issue to Google in May, the fix for this critical vulnerability remains pending. This means users are still at risk of having their important information taken advantage of by attackers. The video below shows how you can check for this issue on your Android device.

The severity of these exploits depends on the user’s settings and configuration of Google Maps. It affects users differently depending on whether they have Driving Mode enabled or disabled in Google Maps.

For users with Driving Mode disabled, attackers could access recent and favorite locations, including home and work details, along with contacts. They can also share real-time location information with other contacts, or via email address.

With Driving Mode enabled, attackers could gain access to device photos. Moreover, they can publish them or use them as the account’s profile picture. Additionally, they can access extensive information and configurations of Google accounts on the device. And even access the account from a different device.

If you’re running Android 13 or Android 14 on your device, then you should look out for this exploit. If affected, consider uninstalling Google Maps temporarily until a fix is issued to protect your sensitive information.

(Via – Security Affairs)