Google Pixel Phones Are Vulnerable To An Easy Lock-Screen Bypass Hack, Update Now
by Chris Goetting — Friday, November 11, 2022, 12:16 PM EDT
The patch addresses the issue by no longer dismissing the device lock screen once the SIM PUK unlock is completed. While the fix sounds simple enough, Schütz goes on to explain that Android engineers decided to refactor the .dismiss() function responsible for closing security screens. The original implementation allowed unrelated security screens to be dismissed by mistake, e.g. the phone’s lock screen layered below the PUK screen. To dramatically simplify things, the .dismiss() function now takes a parameter stating which security screen it should be dismissing.
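A simplified model of that change, added here as an illustration and not taken from Android's source or from Schütz's write-up. The class, enum and method names are hypothetical, and the scenario assumes the "PUK done" signal reaches the dismiss call twice, so the second call arrives after the PUK screen has already been closed.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model, not Android's Keyguard code. All names are hypothetical.
public class DismissModel {
    enum SecurityScreen { LOCK_SCREEN, SIM_PUK }

    // Head of the deque is the security screen currently shown to the user.
    private final Deque<SecurityScreen> screens = new ArrayDeque<>();

    void show(SecurityScreen s) { screens.push(s); }

    boolean isUnlocked() { return screens.isEmpty(); }

    // Before: closes whatever is on top, with no idea which screen the
    // caller meant to close.
    void dismissLegacy() {
        if (!screens.isEmpty()) screens.pop();
    }

    // After: the caller names the screen it expects to close. If a different
    // screen (or none) is showing, the call is a no-op.
    boolean dismiss(SecurityScreen expected) {
        if (screens.peek() != expected) return false;
        screens.pop();
        return true;
    }

    // Constructed scenario (assumption): the PUK screen is layered over the
    // lock screen and the "PUK done" callback fires twice.
    static boolean runScenario(boolean patched) {
        DismissModel kg = new DismissModel();
        kg.show(SecurityScreen.LOCK_SCREEN);
        kg.show(SecurityScreen.SIM_PUK);
        for (int callback = 0; callback < 2; callback++) {
            if (patched) kg.dismiss(SecurityScreen.SIM_PUK);
            else kg.dismissLegacy();
        }
        return kg.isUnlocked();
    }

    public static void main(String[] args) {
        System.out.println("legacy  unlocked=" + runScenario(false));
        System.out.println("patched unlocked=" + runScenario(true));
    }
}
```

In the legacy path the second call removes the lock screen because nothing ties the request to the PUK screen; in the patched path the same call is rejected and the lock screen stays in place.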
For his troubles, the discovery netted Schütz a $70,000 payday. Google ended up reversing its decision not to reward the report as a duplicate, acknowledging that his persistence is what caused the company to actually work on the fix. Either way, it seems all has been made right, and end users are now better protected, as long as they install the latest patch, of course!
All Images Credit: David Schütz
Hungary-based researcher David Schutz discovered a serious security flaw that allowed anyone to bypass the lockscreen on Google’s Pixel phones; thus, anyone could access your phone without even needing to know the password.
“I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked,” wrote Schutz in his blog post.
It all started when Schutz’s Pixel 6 gave up on him and he quickly ran to charge the battery, only to find that the phone was asking for the SIM card’s PIN code. He did not remember the PIN, and after three failed attempts, the phone asked for the PUK code, which he had and entered successfully.
This time, to his surprise, the phone opened and did not even ask for the password, showing the fingerprint icon straight away, which does not happen when the phone boots up after being dead. He went ahead and unlocked the phone with his fingerprint, after which the phone got stuck on the “Pixel is starting…” screen indefinitely.
He repeated the same procedure several times, and the phone kept getting stuck on the same “Pixel is starting…” screen. However, after multiple attempts, the phone did not even ask for the fingerprint, just the PUK code, and then asked him to set a new PIN, after which he was on the home screen.
Schutz tried the same with his Pixel 5, and it glitched as well. The researcher notes that the bug could affect smartphones running Android 10 and later, and smartphones of other vendors besides Google could also be vulnerable.
The lock screen vulnerability, tracked as CVE-2022-20465, has been fixed in the security update released on November 5, 2022, for smartphones running Android 10 and later.
Google awarded $70,000 to Schutz, who reported the “accidental” bug to the company privately.