Pixel Lock Screen Bug Hack Helps Researcher Earn $70,000
A researcher earned $70,000 as a bug bounty after discovering a simple lock screen vulnerability bypass hack affecting Google Pixel devices.
A researcher earned $70,000 as a bug bounty after discovering a simple lock screen vulnerability bypass hack affecting Google Pixel. The security bug was discovered by a Hungary-based researcher named David Schütz which said anybody could unlock a Pixel smartphone even if they didn't know the device's security passcode.
The researcher also mentioned that the security bug was very simple to exploit. However, Google took almost five months to fix the vulnerability that could allow anybody, with the Pixel in their hand, to access the device’s data without having to enter the lock screen’s passcode.
"I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked. The bug just got fixed in the November 5, 2022 security update," the researcher wrote in a blog post.
The researcher also noted that anybody with physical access to a Google Pixel device could swap in their own SIM card and enter its preset recovery code to bypass the Android’s lock screen protections.
Explaining security bug, the researcher added, "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device. The vulnerability is tracked as CVE-2022-20465 and it might affect other Android vendors as well. You can find my patch advisory and the raw bug report I have sent to Google at feed.bugs.xdavidhu.me."
The researcher said after a fresh boot of the Pixel phone, instead of the usual lock icon, the fingerprint icon was showing. It accepted his finger, which should not happen, since after a reboot, one must enter the lock screen PIN or password at least once to decrypt the device, thus, corroborating his finding.
"After accepting my finger, it got stuck on a weird “Pixel is starting…” message, and stayed there until I rebooted it again," he noted.