Android security pwned by PUK reset trick

A security researcher scored a $70k bug bounty payout after accidentally discovering a Google Pixel lock-screen bypass hack.

The vulnerability, discovered by David Schütz, meant an attacker could unlock any Google Pixel phone without knowing the passcode. Google fixed the issue (tracked as CVE-2022-20465) with a November update, allowing Schütz to go public with his findings.

The vulnerability created a means for a potential hacker to bypass lock-screen protections such as fingerprint or PIN authentication and obtain physical access to a target device. The hack could be carried out with minimal technical skill against a range of mobile devices running Android, by following a series of steps.

Fortunately, the exploit is not something that would lend itself to remote exploitation.

Serendipity strikes

As explained in a blog post, Schütz came across the issue by chance when he forgot the PIN code of his Pixel phone and had to use the PUK code to regain access. After successfully completing the process, he noticed oddities in the lock screen he was confronted with.

“It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing,” Schütz recalled. “It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device.”

After accepting his finger, the device crashed with a weird “Pixel is starting…” message, which Schütz addressed with a forced reboot.

Schütz decided to investigate the issue over subsequent days. On one occasion he forgot to reboot the phone, and just began from a normal unlocked state, locked the device, and hot-swapped the SIM tray, before carrying out the SIM PIN reset process.

After following this sequence before entering the PUK code and choosing a new PIN, Schütz was presented with his unlocked home screen.

The researcher realized that he had achieved a full lock screen bypass on the fully patched Pixel 6. Schütz realized the hack would be easily exploited by anyone, from spies to crooks and jealous spouses.

“Since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation.