Explorer

Pixel Lock Screen Bug Hack Helps Researcher Earn $70,000

A researcher earned $70,000 as a bug bounty after discovering a simple lock screen vulnerability bypass hack affecting Google Pixel devices.

A researcher earned $70,000 as a bug bounty after discovering a simple lock screen vulnerability bypass hack affecting Google Pixel. The security bug was discovered by a Hungary-based researcher named David Schütz which said anybody could unlock a Pixel smartphone even if they didn't know the device's security passcode.

The researcher also mentioned that the security bug was very simple to exploit. However, Google took almost five months to fix the vulnerability that could allow anybody, with the Pixel in their hand, to access the device’s data without having to enter the lock screen’s passcode.

"I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked. The bug just got fixed in the November 5, 2022 security update," the researcher wrote in a blog post.

The researcher also noted that anybody with physical access to a Google Pixel device could swap in their own SIM card and enter its preset recovery code to bypass the Android’s lock screen protections.

Explaining security bug, the researcher added, "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device. The vulnerability is tracked as CVE-2022-20465 and it might affect other Android vendors as well. You can find my patch advisory and the raw bug report I have sent to Google at feed.bugs.xdavidhu.me."

The researcher said after a fresh boot of the Pixel phone, instead of the usual lock icon, the fingerprint icon was showing. It accepted his finger, which should not happen, since after a reboot, one must enter the lock screen PIN or password at least once to decrypt the device, thus, corroborating his finding.

"After accepting my finger, it got stuck on a weird “Pixel is starting…” message, and stayed there until I rebooted it again," he noted.

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

‘India And Kuwait Will Become Partners In Prosperity’: PM Modi Tells ‘Mini Hindustan’ At ‘Hala Modi’ Event
‘India And Kuwait Will Become Partners In Prosperity’: PM Modi Tells ‘Mini Hindustan’
Congress Slams Election Rule Amendment Restricting Electronic Records’ Inspection: 'Why So Afraid Of Transparency?'
Congress Slams Election Rule Amendment Restricting Electronic Records’ Inspection: 'Why So Afraid Of Transparency?'
Delhi Assembly Election: Latest BJP-AAP Battle Centres Around Purvanchal Votes. Here's Why It Matters
Delhi Assembly Election: Latest BJP-AAP Battle Centres Around Purvanchal Votes. Here's Why It Matters
PM Modi In Kuwait Meets 101-Year-Old Ex-IFS Officer Amid Warm Welcome From Indian Diaspora — WATCH
PM Modi In Kuwait Meets 101-Year-Old Ex-IFS Officer Amid Warm Welcome From Indian Diaspora — WATCH
Advertisement
ABP Premium

Videos

Kazan Drone Attack: Attack Sparks Panic In Russia, Blames Ukraine For Attack | ABP NewsMahakumbh: Excitement Intensifies for Mahakumbh 2024 as ABP Team Gears Up for Live Broadcast CoverageKazan Drone Attack: Massive Fire Erupts As Drone Flies Into Building, Terrifying Video SurfacesCongress-Led Protest March Towards Parliament Gains Momentum; Rahul Gandhi’s Absence Raises Speculation

Photo Gallery

Embed widget