Android, discovered (by accident) a trivial method to bypass the lock screen

A security researcher found, almost by accident, a method to bypass the lock screen on some Google Pixel smartphones that worked until last week. The method allowed anyone with physical access to a phone to unlock it through a simple five-step process that takes no more than a few minutes. The vulnerability was fixed with the latest patches released last week, but had remained exploitable for at least six months.

The vulnerability was brought to light last week by David Schütz, who wrote in his blog that he discovered the problem by accident after his Pixel 6 ran out of battery. The researcher then entered an incorrect PIN three times and recovered the blocked SIM using the PUK (Personal Unblocking Key) code. After unlocking the SIM and choosing a new PIN, the device did not ask for the password on the lock screen, only for a fingerprint scan.

Google Pixel flaw allowed access to the home screen without authentication

The standard for Android devices is that after a restart, unlocking requires the password or security pattern, while fingerprint unlock is used only to access the data on the device once it is already switched on. Schütz experimented further with his device and, trying to reproduce the flaw without rebooting, found that it was also possible to bypass the fingerprint prompt, gaining access to the device's home screen without any authentication.

According to the researcher, the flaw affects all Android 10, 11, 12 and 13 devices that have not been updated with the patches released in November 2022. Physical access to the device is clearly an important prerequisite, but such a bug has serious implications in certain circumstances (citizens under investigation, abusive spouses, theft of devices): it is enough to take possession of a device, insert any SIM and perform the procedure to access all the data on it.

The problem is caused by the keyguard being dismissed incorrectly after the SIM is unlocked via PUK. In the researcher's test, when the correct PUK was entered the "dismiss" function was called twice: once by a background component that monitors the status of the SIM, and once by the component handling the PUK screen. This not only closed the PUK security screen, but also the next security screen in line, which is the keyguard.

If no further security screen remains, the operating system then grants access to the home screen and to all data on the smartphone. The bug was reported in June 2022 and was immediately recognized by Google as CVE-2022-20465. The fix introduces a new parameter that must accompany the "dismiss" call to close a security screen, so that a stray call can no longer compromise the security of the device. The discovery earned Schütz a $70,000 reward; users can protect themselves by installing the patches released in November 2022, where available.
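To make the mechanism described above concrete, the following is an added example written for this article; it is not Android's keyguard code and not the researcher's. It models the keyguard as a stack of security screens (the `SecurityMode` names, the `Keyguard` class and the `strict` flag are all assumptions of this toy model) and replays the double "dismiss" call from the article in both the pre-patch behaviour, where each call pops whatever screen is on top, and the patched behaviour, where the caller must name the screen it is dismissing and a mismatch is ignored.

```python
from enum import Enum, auto


class SecurityMode(Enum):
    """Which lock screen is currently showing (simplified model, not Android's enum)."""
    PASSWORD = auto()   # primary credential: PIN / pattern / password
    SIM_PUK = auto()    # "enter PUK" screen shown while the SIM is blocked
    NONE = auto()       # no security screen left: the home screen is reachable


class Keyguard:
    """Toy keyguard: a stack of security screens; the top of the stack is what the user sees.

    strict=False models the pre-patch logic: dismiss() pops whatever is on top.
    strict=True models the fix described in the article: the caller must state
    which screen it is dismissing, and a mismatch is ignored.
    """

    def __init__(self, screens, strict):
        self.stack = list(screens)  # bottom -> top
        self.strict = strict

    def current(self):
        return self.stack[-1] if self.stack else SecurityMode.NONE

    def dismiss(self, expected=None):
        # Patched behaviour: refuse to pop a screen the caller did not intend to close.
        if self.strict and self.current() != expected:
            return self.current()
        if self.stack:
            self.stack.pop()
        return self.current()

    def home_reachable(self):
        return self.current() is SecurityMode.NONE


def puk_entered(keyguard):
    """Replay the event sequence from the article: after a correct PUK, two
    independent components each ask the keyguard to dismiss the PUK screen."""
    # 1) the PUK input screen reports success and dismisses itself
    keyguard.dismiss(SecurityMode.SIM_PUK)
    # 2) the SIM-state monitor notices the SIM is unblocked and dismisses too
    keyguard.dismiss(SecurityMode.SIM_PUK)
    return keyguard.current()


def simulate(strict):
    """Boot-time scenario: the primary credential screen sits under the PUK screen.

    Returns (screen the user sees afterwards, whether the home screen is reachable).
    """
    kg = Keyguard([SecurityMode.PASSWORD, SecurityMode.SIM_PUK], strict=strict)
    puk_entered(kg)
    return kg.current(), kg.home_reachable()


if __name__ == "__main__":
    print("pre-patch:", simulate(strict=False))  # second call also pops the credential screen
    print("patched  :", simulate(strict=True))   # second call is ignored; password still required
```

The second `dismiss` in the pre-patch path is the whole bug: the caller that issued it only meant to close the PUK screen, but nothing in the API let it say so, and the keyguard happily closed the credential screen underneath. Requiring the caller to name the screen it expects to be on top is the same idea as the new parameter the article describes, and it is a useful general rule for any stack of security prompts: a dismissal should be bound to the prompt that issued it, never to "whatever is current".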
