David Schutz Discovers a Lock Screen Bug that Affects all Pixel Devices
David Schutz, an ethical hacker, asserts that a defect, which has since been patched, allowed anyone to circumvent the lock screen on all Google Pixel handsets. “The vulnerability allowed an attacker with physical access to circumvent the lock screen safeguards (fingerprint, PIN, etc.) and get full access to the user’s device. This vulnerability is listed as CVE-2022-20465, and it may also affect other Android OEMs,” according to Schutz.
Schutz discovered the flaw while mistakenly sending a text message on his Pixel 6 with 1% battery remaining. After the phone's battery died, he plugged it into a charger and turned it on. Schutz observed that the Pixel 6 requested the SIM's PIN at startup. After he entered the wrong code three times, the smartphone required a Personal Unlocking Key (PUK) code in order to unlock and function once again.
After Schutz entered the PUK code, the Pixel prompted him to create a new PIN, at which point he realized something was amiss. Upon initial boot, the Pixel displayed the fingerprint symbol rather than the standard lock screen that required a PIN. According to Schutz, the device should not have accepted a fingerprint after a fresh boot. “After recognizing my finger, it froze on a strange ‘Pixel is beginning…’ message and remained there till I reset it,” he continued.
To confirm that this was not a one-time occurrence, the ethical hacker repeated the same procedure numerous times with the same outcome. During one of the tests, the phone displayed the home screen rather than the lock screen. He says he carried out the same procedure on his Pixel 5 and got the same results.
“Since the attacker could simply bring his or her own PIN-locked SIM card, physical access was the only need for exploitation. The attacker could simply replace the SIM card in the victim’s smartphone and execute the exploit using a SIM card with a PIN lock and for which the attacker knew the right PUK code,” Schutz said in a blog post.