Security News > 2022 > November > Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens
Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices.
"The issue allowed an attacker with physical access to bypass the lock screen protections and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass, said in a write-up of the flaw.
The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps -.
This also means that all an adversary needs to unlock a Pixel phone is to bring their own PIN-locked SIM card and is in possession of the card's PUK code.
"The attacker could just swap the SIM in the victim's device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code," Schütz said.
An analysis of the source code commits made by Google to patch the flaw shows that it's caused by an "Incorrect system state" introduced as a result of wrongly interpreting the SIM change event, causing it to entirely dismiss the lock screen.
News URL
https://thehackernews.com/2022/11/hacker-rewarded-70000-for-finding-way.html
Related news
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google One VPN axed for everyone but Pixel loyalists ... for now (source)
- FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (source)