Google Pixel screen-lock hack nets researcher $70,000


A security researcher scored a $70k bug bounty payout after accidentally discovering a Google Pixel lock-screen bypass hack.

The vulnerability, discovered by David Schütz, meant an attacker could unlock any Google Pixel phone without knowing the passcode. Google fixed the issue (tracked as CVE-2022-20465) with a November update, allowing Schütz to go public with his findings.

The vulnerability created a means for a potential hacker to bypass lock-screen protections such as fingerprint or PIN authentication and obtain physical access to a target device. The hack could be carried out with minimal technical skill against a range of mobile devices running Android, by following a series of steps.

Fortunately, the exploit is not something that would lend itself to remote exploitation.

Serendipity strikes

As explained in a blog post, Schütz came across the issue by chance when he forgot the PIN code of his Pixel phone and had to use the PUK code to regain access. After successfully completing the process, he noticed oddities in the lock screen he was confronted with.

“It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing,” Schütz recalled. “It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device.”

After accepting his finger, the device crashed with a weird “Pixel is starting…” message, which Schütz addressed with a forced reboot.

Schütz decided to investigate the issue over subsequent days. On one occasion he forgot to reboot the phone, and just began from a normal unlocked state, locked the device, and hot-swapped the SIM tray, before carrying out the SIM PIN reset process.

After following this sequence before entering the PUK code and choosing a new PIN, Schütz was presented with his unlocked home screen.

The researcher realized that he had achieved a full lock screen bypass on the fully patched Pixel 6. The same trick worked on a Pixel 5.

Schütz realized the hack would be easily exploited by anyone, from spies to crooks and jealous spouses.

“Since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation. The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code.”

Patch puzzlement

Schütz reported the issue to Google and the tech giant processed and filed the bug promptly, but remediation took far longer.

After telling Schütz the issue was a duplicate, and therefore not normally eligible for a bug bounty, Google failed to act for some weeks. Repeated chasing by Schütz, and a demo of the exploit to Google staffers at a Google-run bug hunter event called ESCAL8 in September, eventually prompted action.

Shortly after this, Google said that even though Schütz’s report was a duplicate, it had only started working on a fix because of his submission, so the firm had decided to pay him a $70,000 bounty for the lock screen bypass.

The bug was fixed on November 5, allowing Schütz to disclose his findings and a video demonstrating the flaw.

The researcher deduced from code changes that Android security screens can be stacked “on top” of each other.

“When the SIM PUK was reset successfully, a .dismiss() function was called by the PUK resetting component on the ‘security screen stack’, causing the device to dismiss the current one and show the security screen that was ‘under’ it in the stack,” he explained.

“Since the .dismiss() function simply dismissed the current security screen, it was vulnerable to race conditions” that meant that the PUK resetting component could dismiss an unrelated security screen, changed by a background process.

Google has changed the code so that the caller explicitly specifies the type of security screen to be dismissed.
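
The stale-dismiss pattern and the typed fix described above, as a simplified Java model added here for illustration. It is not Android source code; the class, enum and method names are hypothetical, and the ordering of events is a constructed scenario.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model of stacked security screens (hypothetical names, not AOSP code).
class SecurityScreenStack {
    enum Screen { NONE, PIN, SIM_PUK }

    private final Deque<Screen> stack = new ArrayDeque<>();

    void show(Screen s) { stack.push(s); }

    Screen current() { return stack.isEmpty() ? Screen.NONE : stack.peek(); }

    // Pre-fix shape: dismiss whatever screen happens to be on top.
    void dismiss() {
        if (!stack.isEmpty()) stack.pop();
    }

    // Post-fix shape: the caller names the screen it believes it is dismissing.
    // If a different screen is on top, the request is stale and is ignored.
    boolean dismiss(Screen expected) {
        if (current() != expected) return false;
        stack.pop();
        return true;
    }

    // Constructed scenario: a background update removes the SIM PUK screen
    // before the PUK component's own completion callback runs.
    static Screen run(boolean typedDismiss) {
        SecurityScreenStack s = new SecurityScreenStack();
        s.show(Screen.PIN);          // device lock screen
        s.show(Screen.SIM_PUK);      // SIM PUK prompt stacked on top
        s.dismiss(Screen.SIM_PUK);   // background process changes the active screen
        if (typedDismiss) {
            s.dismiss(Screen.SIM_PUK);   // late callback, typed: PIN is on top, so no-op
        } else {
            s.dismiss();                 // late callback, untyped: pops the PIN screen
        }
        return s.current();
    }

    public static void main(String[] args) {
        System.out.println("untyped dismiss leaves: " + run(false));
        System.out.println("typed dismiss leaves:   " + run(true));
    }
}
```

In the untyped run the late callback removes the device lock screen, leaving no security screen in the model; in the typed run the mismatch is detected and the PIN screen stays in place.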

The Daily Swig invited Google to comment, and asked Schütz follow-up questions about his experience in bug bounty hunting and mobile security. No word back as yet, but we’ll update this story as and when more information comes to hand.

