Nobody wants a stranger to get access to their phone, which is why we all go to the trouble of setting up a lock screen. But what if a bug let someone get past that lock screen? That is exactly what a hacker discovered, and it appears to be a problem with all Google Pixel phones.
Hackers can be evil or ethical. While the former use hacking to harm others, the latter use hacking to make things safer. David Schutz, an ethical hacker, stumbled onto a serious defect when his Pixel 6 died as he was sending a text.
Schutz writes in a blog post that after he charged his phone and turned it on, the phone requested the PIN for his SIM card to unlock the handset. Three incorrect attempts at the code resulted in the SIM card locking, and the phone then requested the PUK code. After he entered the PUK code, the device prompted him to set up a new PIN.
After finishing all of that, he was finally returned to the lock screen, but he soon realised something wasn’t quite right. As Schutz describes it:
It was a brand-new boot, and the fingerprint icon was shown in place of the regular lock icon. Since you must enter the lock screen PIN or password at least once to unlock the device after a reboot, it should not have accepted my finger. Following the acceptance of my finger, it became stuck on an odd “Pixel is starting…” notice and remained there until I restarted it.
This prompted Schutz to investigate further. After replicating the scenario several times, he concluded he had found a way for someone to quickly get past the lock screen. A locked SIM card, a tool to eject the SIM card tray, and physical access to the phone were all that was required.
Schutz says that after verifying the issue on a Pixel 6, he went on to test it on a Pixel 5. Sure enough, it worked on that phone as well. He then reported the discovery to Google. He would have received a $100K reward if he had been the first to disclose the flaw, but Schutz says he was the second.
He nevertheless received $70K because it was his report that prompted Google to begin developing a fix. The most recent security patch, released on November 5, 2022, has finally corrected the vulnerability (CVE-2022-20465), which is said to affect all Pixel phones.
To resolve this issue on your Pixel, you only need to install the November security patch. Go to Settings and select System, then select System update and tap Check for Updates.