The lock screen on all Google Pixels turned out to
Software

The lock screen on all Google Pixels turned out to be easy to bypass, but the bug has already been fixed

White hat hacker David Schütz discovered a vulnerability in Google Pixel smartphones that allowed them to be unlocked without scanning a fingerprint or entering a PIN. Google paid him a reward and fixed a bug in the latest device software update.

The vulnerability was discovered by accident. One day, Mr. Schütz charged and turned on the phone, and it asked for a SIM PIN to unlock it. After three incorrect entries, the device requested a PUK code. By entering it correctly, the owner of the phone has changed the PIN and switched on the phone. But something was wrong: instead of the traditional lock icon, a fingerprint icon appeared – Protection unlocked the device, but got stuck on a strange “Pixel starting” message, which remained until the restart.

A curious user decided to study this issue in depth. Repeating the situation several times, he found that he’d stumbled upon a way to easily bypass the phone’s lock – all that was needed was physical access to the device, its own SIM card, and a paperclip key from the compartment. According to the author of the impromptu study, he was able to confirm the presence of a vulnerability in the Pixel 6, and then in the Pixel 5. He contacted Google and reported his discovery, but he couldn’t collect the $100,000 due for it – someone spotted it earlier and told the developer about it. But the $70,000 was still paid in protection because they only began to correct the error after his appeal.

Vulnerabilities assigned a serial number CVE-2022-20465 – It is said to affect all Pixel phones. However, using it will not be easy now because the bug has been fixed in the next security update released on November 5, 2022.

RELATED TOPICS

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment