Pixel Lock Screen Bypass Bug

Pixel Lock Screen Bypass: Nobody wants some random person to get into their phone. It’s why everyone goes to the bother of installing a lock screen. But what if a security flaw made it possible for someone to unlock your device? A hacker apparently discovered this, and it’s a problem for all Google Pixel devices.

Hackers may be divided into two categories: those with evil intentions and those with a selfless desire to improve security. David Schutz, an ethical hacker, discovered a worrying flaw by accident when his Pixel 6 died as he was sending a text.

Schutz writes on his blog that once he plugged in his phone and switched it on, it prompted him to enter the PIN associated with his SIM card in order to get access. For security reasons, if you enter the erroneous code too many times, the SIM card locks and the phone prompts you for the PUK code. After inputting the PUK code, the gadget prompted him to create a new PIN.

By the time he reached the lock screen after all that, he knew something wasn’t right.

It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing. It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device. After accepting my finger, it got stuck on a weird “Pixel is starting…” message, and stayed there until I rebooted it again.

Because of this occurrence, Schutz decided to investigate the case further. After repeatedly simulating the scenario, he came to the conclusion that he had discovered a way to easily bypass the lock screen. The only requirements were the ability to get their hands on the phone, a locked SIM card, and a means to remove the SIM card tray.

According to Schutz, he tried the hack on a Pixel 5 after confirming it on the Pixel 6. And sure enough, it also functioned properly on that phone. His discovery prompted him to report the problem to Google. Although Schutz claims to have been the second person to disclose the flaw, he would have been eligible for a $100,000 reward had he been the first.

Pixel Lock Screen Bypass Bug
Pixel Lock Screen Bypass Bug

Even though his tip prompted Google to begin working on a patch, the hacker still managed to cash in on a $70,000 reward. An update to the Pixel’s security software was released on November 5, 2022, patching a flaw (CVE-2022-20465) that was previously reported to impact all Pixel devices.

To resolve this issue, just install the November security patch on your Pixel. Select System from the Settings menu and make the necessary adjustments. A system update may be accessed by going to System and then clicking Check for update.

Leave a Comment