Vulnerability in Android, allowing to circumvent screen lock

In the platform Android identified ​​vulnerability (CVE-2022-20465), which allows to turn off the lock lock by rearranging the SIM card and entering the PUK code. Возможность отключения блокировки продемонстрирована на устройствах Google Pixel, но так как исправление затрагивает основную кодовую базу Android, вероятно As the problem applies to firmware from other manufacturers. The problem is eliminated in November safety corrections for Android. The researcher received a notion to the problem from Google a reward, the size of 70 thousand dollars.

The problem is caused by incorrect unlock processing after the introduction of the PUK code (Personal Unblocking Key), used to resume the operation of the SIM card, blocked after multiple incorrect administration of the PIN code. To turn off the screen lock, it is enough to install your SIM card on the phone, which has a PIN-based protection. After changing the SIM card protected by the PIN code, the PIN code is initially displayed on the screen. If you enter the PIN code three times incorrectly, the SIM card will be blocked, after which the PUK code will be allowed to unlock. It turned out that the correct input of the PUK code will not only unlock the SIM card, but leads to the transition to the main interface bypassing the screen of the screen, without confirming access using the main password or graphic key.


Уязвимость вызвана ошибкой

/Media reports.