New Android Lock‑Screen Bypass Lets Attackers Unlock Phones in Under a Minute

Researchers have uncovered a timing flaw in the way recent Android versions process biometric authentication. By rapidly toggling the biometric prompt and measuring the response latency, an attacker can trick the system into accepting a false authentication token, effectively bypassing the lock screen in as little as 60 seconds without knowing the PIN, pattern, or password.

The vulnerability grants anyone with brief physical access the ability to retrieve personal data, install malicious apps, or exfiltrate corporate information. Defenders should prioritize applying the pending security patch, enforce strict device‑management policies that limit biometric use, and monitor for anomalous unlock attempts. Disabling or limiting biometrics on high‑risk devices and educating users about the risks of leaving phones unattended are also essential mitigations.

Categories: Vulnerabilities & Exploits, Identity & Access Management
