Researchers Bypassed Android Lock Screen using Driving mode Assistant

Recent reports indicate that researchers have discovered a new method to bypass the Android Lock Screen and extract sensitive information like photos, contacts, browsing history, shared location, and much more.

This issue existed on the most recent versions of Android, such as Android 14 and 13. Moreover, Google has reported this issue, and a security patch is yet to be provided for the affected versions.

EHA

Android Lock Screen Bypass

A researcher named Jose Rodriguez asked a question about accessing Google Maps links from the lock screen. The question was posted on multiple platforms, including Twitter, Reddit, and Telegram, and it was stated that his Google Pixel was locked.

However, he found a method to bypass the lock screen and also mentioned that Google has been aware of this issue for at least six months. The video provided by the researchers involves very simple actions with which an Android device can be successfully bypassed to the main screen.

The exploit has been differentiated with two perspectives DRIVING MODE enabled and DRIVING MODE disabled. 

Exploitation POC

According to the video, the researcher used Google Assistant initially for the interpreter mode. With this mode, users can translate their own language into English.

Additionally, it also offers a keyboard for users to type their language. Android also has a feature to detect links and navigate to specific applications with “highlighted text.” The researcher used the keyboard to type a Google Maps link and select all the text.

Once the text is highlighted, Android’s link discovery feature kicks in and detects the navigation for Google Maps. Once the user clicks on the map icon above the highlighted text, the user is taken to Google Maps after some additional steps, and the Android lock screen is successfully bypassed.

If the DRIVING MODE is disabled, a threat actor can use this technique to access recent and favorite locations and contacts and share locations in real time with contacts or with an email that the attacker can enter manually.

If the DRIVING MODE is enabled, a threat actor can combine it with another exploit and gain full control over the Android device and the user’s Google account. The threat actor will need physical access to the victim’s device as a prerequisite.

Users of Android with versions 13 and 14 are recommended to keep their devices secured with additional lock restrictions and do not lose their phone’s physical access.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.