Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices.
The Google Pixel Lock Screen Bypass was reported by security researcher David Schütz that was awarded $70,000 for this flaw.
“The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device. The vulnerability is tracked as CVE-2022-20465 and it might affect other Android vendors as well.” reads the post published by Schütz, “You can find my patch advisory and the raw bug report I have sent to Google at feed.bugs.xdavidhu.me.”
The expert discovered how to unlock a Pixel phone using a PIN-locked SIM card and knowing its PUK code.
He reported the vulnerability in June 2022 and Google fixed it the release of Android update for November 2022.
Schütz noticed a strange behavior of his mobile divide during a journey and started looking at it again the next day. After rebooting the phone, putting in the incorrect PIN 3 times, entering the PUK, and choosing a new PIN, he noticed that the device went to the “Pixel is starting…” state.
He made further tests and discovered that is possible to bypass lock screen protections with the following sequence of actions:
Below is a video PoC of the unlock process:
“Since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation.” Schütz explained. “The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code.”
The expert analyzed source code commits that address the flaw since Android is open source. He discovered that the fix has a huge impact on the overall source code, he noticed that many files have been changed.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Android)