Driving mode is a secret key to your personal data.
Researcher Jose Rodriguez discovered a new vulnerability in the lock screen system of devices running on Android 13 and 14. This bug allows attackers with physical access to a smartphone to extract a user's personal information, including photos, contacts, and browser history.
A few months ago, Rodriguez turned to his followers on Twitter, Reddit and Telegram platforms with a question about whether it is possible to open the Google Maps app from the locked screen. On the Pixel smartphone, he could not do this.
Now it turned out that there is still a way. Rodriguez noticed the problem back in May and immediately reported it to Google. However, by the end of November, the company still hadn't released a security update.
Rodriguez stressed that the degree of threat varies depending on how the user has configured and uses Google Maps. The device is particularly vulnerable if driving mode is activated.
Here are the details of the most likely scenarios:
1. If driving mode is not activated, an attacker can gain access to the user's recent and favorite locations (home, work, etc.). You can also view your contacts and share your location in real time, such as via email.
2. If driving mode is activated, the attacker will also have access to photos on the smartphone. You can post your photo on platforms linked to your Google Account or use it as a profile picture.
Moreover, the hacker will be able to change the settings of the Google account. This is enough to take full control of your account by transferring your data to another device.
Obviously, there are other risks that Rodriguez has yet to explore.
The researcher recommends that Android owners repeat these scenarios on their devices and share the results by specifying the operating system version and phone model. This is extremely important to ensure your personal security and protect your confidential data.
Researcher Jose Rodriguez discovered a new vulnerability in the lock screen system of devices running on Android 13 and 14. This bug allows attackers with physical access to a smartphone to extract a user's personal information, including photos, contacts, and browser history.
A few months ago, Rodriguez turned to his followers on Twitter, Reddit and Telegram platforms with a question about whether it is possible to open the Google Maps app from the locked screen. On the Pixel smartphone, he could not do this.
Now it turned out that there is still a way. Rodriguez noticed the problem back in May and immediately reported it to Google. However, by the end of November, the company still hadn't released a security update.
Rodriguez stressed that the degree of threat varies depending on how the user has configured and uses Google Maps. The device is particularly vulnerable if driving mode is activated.
Here are the details of the most likely scenarios:
1. If driving mode is not activated, an attacker can gain access to the user's recent and favorite locations (home, work, etc.). You can also view your contacts and share your location in real time, such as via email.
2. If driving mode is activated, the attacker will also have access to photos on the smartphone. You can post your photo on platforms linked to your Google Account or use it as a profile picture.
Moreover, the hacker will be able to change the settings of the Google account. This is enough to take full control of your account by transferring your data to another device.
Obviously, there are other risks that Rodriguez has yet to explore.
The researcher recommends that Android owners repeat these scenarios on their devices and share the results by specifying the operating system version and phone model. This is extremely important to ensure your personal security and protect your confidential data.
