Hacker Claims $70,000 Reward for Discovering Way to Bypass Google Pixel Lock Screen
A high-severity security issue affecting all Pixel smartphones that could be exploited to unlock the device has been resolved by Google. The vulnerability was reported by David Schutz in June 2022 and was fixed in the Novemeber 2022 Monthly Android update.
Schutz, who was rewarded $70,000 for the lock screen bypass, wrote “The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprints, PIN, etc.) and gain complete access to the user’s device.”
According the Schutz, the vulnerability occurred when this specific series of events occurs:
Supply incorrect fingerprint three times to disable biometric authentication on the locked device
Hot swap the SIM card in the device with an attacker-controlled SIM that has a PIN code set up
Enter incorrect SIM pin thrice when prompted, locking the SIM card
Device prompts user to enter the SIM's Personal Unlocking Key (PUK) code, a unique 8-digit number to unblock the SIM card
Enter a new PIN code for the attacker-controlled SIM
Device automatically unlocks
All an attacker would need to unlock the Pixel phone is their own PIN-locked SIM card, and possession of the card’s PUK code.
“The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code,” Schutz said.
By analyzing the source code changes made by Google to patch the vulnerability, it shows that it was caused by an “incorrect system state” introduced as a result of interpreting the SIM change event incorrectly. This would cause it to entirely dismiss the lock screen.
Schutz admits, “I was not expecting to cause this big of a code change in Android with the bug.”
Story via The Hacker News