If you own a Google Pixel, make sure you have installed the November security updates. Otherwise your device is exposed to a Lock Screen bypass vulnerability. Here’s how you can reproduce that vulnerability. Step 1, lock the device. You can do this by entering an incorrect pin or using a wrong biometric fingerprint 3 times in a row. Step 2, Remove sim card and replace with an attacker controlled SIM. Step 3, enter the incorrect SIM code 3 times to lock the SIM card. Step 4. Enter the PUK code or Personal unlocking key for the sim card. It should now prompt you to enter a new pin code for the sim card. Once you have done that, it takes you straight to the home screen. You have just bypassed the phone’s lock screen and have access to the device’s contents. This vulnerability was disclosed to Google back in June this year and the security researcher was awarded a $70K bounty. This vulnerability isn’t specific to Google Pixel and might affect other Android vendors, especially those that are no longer supported by the manufacturers.
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
https://portswigger.net/daily-swig/google-pixel-screen-lock-hack-earns-researcher-70k
https://feed.bugs.xdavidhu.me/bugs/0016
This segment was created for the It’s 5:05 podcast