The hacker detects a screen lock bypass error affecting all Google pixels
Rita El Khoury / Android Authority
- A hacker has discovered a bug that is said to affect all Google Pixel phones.
- The bug allows anyone who knows the vulnerability to bypass the lock screen.
- The issue is fixed in the November security update.
The last thing anyone wants is for a stranger to get access to your phone. This is the whole reason why we all face the problem of setting up lock screens. But what if there was a bug that allowed someone to bypass your lock screen? A hacker found just that and it is something that is said to affect everyone Google Pixel phones.
There are malicious hackers and ethical hackers, while the former hackers are for malicious reasons, and the latter hack to help make things safer. Ethical hacker David Schutz stumbled upon an annoying bug by chance after his Pixel 6 phone died while sending a text message.
in Blog postSchutz explains that after he charged his phone and turned it on, the phone required his SIM card’s PIN code to unlock the device. After getting the code wrong three times, the SIM card was locked and the phone asked for a PUK code instead. When I entered the PUK code, the device prompted it to set up a new PIN code.
When that was all done, he was finally done to the lock screen, but he noticed that something wasn’t right.
It was a fresh reboot, and instead of the usual lock icon, a fingerprint icon appeared. I kissed my finger, which shouldn’t happen, because after the reboot, you have to enter the lock screen PIN or password at least once to decrypt the device. After accepting my finger I got stuck with a weird message saying “Pixel started…”, and it stayed there until I turned it back on again.
This incident encouraged Schutz to look into the matter further. After breeding on the situation a few times, he realized he had found something that would allow someone to easily bypass the lock screen. All that was required was physical access to the phone, a locked SIM card, and a tool to eject the SIM card tray.
Below, you can watch a video of Schutz reproducing the vulnerability.
Schutz says that after he confirmed the vulnerability on the Pixel 6, he then set out to test the flaw on the Pixel 5. It certainly worked on that phone, too. After detection, then contact Google about the problem. If he had been the first to send this report, he would have received a $100,000 bounty, but Schutz says he was the second person to report the error.
However, the hacker still got $70K, because it was his report that got Google to start working on a fix. The vulnerability (CVE-2022-20465) that is said to affect all Pixel phones has now been fixed with the latest security patch that arrived on November 5, 2022.
To fix this issue on your Pixel phone, simply update your phone with the November security patch. You can do this by heading to Settings and scrolling down to System. When you go to System, click on System Update and hit the Check Update button.
#hacker #detects #screen #lock #bypass #error #affecting #Google #pixels