A few days ago at Xataka Móvil we covered an interesting investigation by technology journalist Joanna Stern into a practice that was becoming a scourge in the United States, in which the theft of an iPhone was only the beginning, since the end goal was access to your entire digital life. If you thought protection was better on Android, we have bad news for you: a thief who knows your phone's PIN can change your Google password, with all that entails.
A four-digit PIN, three minutes, and goodbye to the zeros in your account
Imagine the scenario, because it is surely familiar to you: you are in a public place and you unlock your phone by entering your PIN code… but on this occasion there are two or three people near you who ask you for the phone under some pretext, such as accessing a social network or taking their picture. Yes, the PIN code normally coexists with biometric systems for unlocking your phone, but we often still resort to the code for efficiency and speed, and other times simply because we are wearing gloves and can't use the fingerprint reader, or a mask or a scarf over the face, or because the lighting is poor. Raise your hand if you never use your PIN.
The fact is that during this quick, automatic operation, the small group next to you notices your PIN code and memorizes it. If they can't see it the first time, they may insist, resorting to tricks such as offering to take a picture with your phone and supposedly turning it off by accident so that you have to enter the code again. Seeing you do it once or twice is enough because, after all, your PIN is probably only four digits long. They already have your code, and now they just have to steal your phone.
Having your phone stolen is upsetting because of the loss of the hardware, but the worst part is that it is a gateway to everything you keep on it. And no, it doesn't take much for them to get through it: Stern's research, published in the Wall Street Journal, tells how three minutes after stealing an iPhone thieves already had access to the Apple account, and 24 hours later they had already cleaned out the bank account.
On Android, things don't get better
On Android, the story is no better. Android journalist Mishaal Rahman used Stern's report to explain how easy it is to use the PIN code on Android to change your Google account password. Yes, that account you sign in to as soon as you take your phone out of the box, the same one used to download apps and for your email, other profiles and much more.
I am not joking. If a thief knows your Android phone password, THEY CAN CHANGE YOUR GOOGLE ACCOUNT PASSWORD. I just had to go to Settings > Google > Manage your Google account > Security > Password > Forgot password > Use screen lock > Press YES on the phone or tablet.
— Mishaal Rahman (@MishaalRahman) February 25, 2023
The procedure is as easy as the thief going to 'Settings' > 'Google' > 'Manage your Google account' > 'Security' > 'Password' > 'Did you forget your password?' > 'Use your lock screen' and pressing YES on the phone. At this point, Google recognizes the phone as yours and allows the password to be changed: all that was needed was access to the device and the PIN that unlocks it.
While it is true that Stern's report focuses on the iPhone, partly because of its popularity in the United States and partly because it is a premium phone range that sells well on the second-hand market, this is not a threat exclusive to Apple's smartphones, and here Android takes the lion's share, although the iPhone is the favorite among young people.
Asked about this issue in the WSJ article, a Google spokesperson replied that “Our sign-in and account recovery policies attempt to strike a balance between allowing legitimate users to retain access to their accounts in real-life scenarios and keep the bad guys away.”
And it is precisely this balance that the bad guys exploit for the attack. How can you protect your Android phone? In addition to setting up biometric systems such as fingerprint unlock, it is a good idea to check who is around you before entering your PIN, but in any case our recommendation is to strengthen your unlock PIN.
Although by default Android asks you for a four-digit passcode, you can make your passcode much longer (Pixels allow up to 17 digits), and you can also set a long alphanumeric password, the best option from a security point of view.