The November Android update fixes an unusual bug that could allow an attacker to bypass the Google Pixel lock screen. Researcher David Schütz reported the vulnerability back in June of this year.
According to Schütz, he discovered the flaw by accident: he simply forgot his PIN code and entered the wrong one three times, after which the SIM card was locked.
But the researcher was not deterred and decided to unlock the phone using the PUK code. And it worked: he easily gained access to the device without entering the correct PIN code.
Realizing that the lock screen bypass works on the Pixel 6, Schütz decided to repeat it on his old Pixel 5. It worked there too.
This vulnerability is now tracked as CVE-2022-20465, and the researcher explained how to reproduce it in five simple steps:
1. Enter the wrong PIN code three times;
2. Quickly replace the locked SIM card with another one for which you know the PIN and PUK codes;
3. Enter the eight-digit PUK code of the new SIM card;
4. Enter the new PIN code of the device;
5. Done! The device is unlocked!
Google has already paid the researcher a $70,000 reward for this unusual find.