Hacker Claims Lock Screen Bug On Google Pixel
November 11, 2022 By Monica Green
What if a bug made it possible for someone to get past your lock screen? That is exactly what a hacker discovered, and it appears to be a problem with all Google Pixel phones.
Hackers can be malicious or ethical. While the former use hacking to harm others, the latter use it to make things more secure. David Schutz, an ethical hacker, stumbled onto a serious defect when his Pixel 6 died as he was sending a text.
Schutz writes in a blog post that after he charged his phone and turned it on, the phone requested the PIN for his SIM card to unlock the handset. Three incorrect attempts at the code resulted in the SIM card locking, and the phone then requested the PUK code. The device prompted him to set up a new PIN code after he entered the PUK code.
After finishing all of that, he was finally returned to the lock screen, but he soon realized something wasn't quite right.
"It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing. It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device. After accepting my finger, it got stuck on a weird “Pixel is starting…” message, and stayed there until I rebooted it again."
This occurrence prompted Schutz to investigate further. He repeated the scenario a few times before realizing he had found a way for someone to quickly get past the lock screen. A locked SIM card, a tool to eject the SIM card tray, and physical access to the phone were all that were required.
Schutz says that after verifying the issue on a Pixel 6, he moved on to test the hack on a Pixel 5. Sure enough, it worked on that phone too. He subsequently reported the discovery and the problem to Google. He would have received a $100K prize if he had been the first to submit this information, but Schutz says he was the second.
The hacker nevertheless received $70K because it was his tip that prompted Google to begin developing a fix. The most recent security patch, which was released on November 5, 2022, has finally corrected the vulnerability (CVE-2022-20465), which is said to affect all Pixel phones.
To resolve this issue on your Pixel, you only need to update your phone with the November security patch. To do that, go to Settings and select System. From the System menu, select System update, then tap the Check for Updates button.