Security researcher David Schütz accidentally discovered a way to bypass the lock screen on fully updated Google Pixel 6 and Pixel 5 smartphones, allowing anyone with physical access to the device to unlock it.

Exploiting the vulnerability to bypass the lock screen on Android phones is a simple five-step process that takes no more than a few minutes.
Google has fixed the security issue in the latest Android update released last week, but devices that haven't been updated are still vulnerable.
Schütz states that he discovered the flaw by accident when his Pixel 6 ran out of battery. When the device started again, he entered the PIN wrong three times and then had to unlock the locked SIM card with the PUK (Personal Unblocking Key).
To his surprise, after unlocking the SIM and selecting a new PIN, the device did not ask for the lock screen password, but only asked for a new fingerprint scan.
Android devices always ask for a password or lock screen pattern on reboot for security reasons, so being sent straight to a fingerprint unlock was not normal.
The researcher continued to experiment, and when he tried to reproduce the flaw without restarting the device, he was able to bypass the fingerprint prompt, going straight to the home screen.
The impact of this security vulnerability is quite broad, affecting all devices that run Android versions 10, 11, 12 and 13 and have not received the November 2022 update.
Physical access to a device is required, but the flaw still has serious implications for people with jealous spouses, those under law enforcement investigations, owners of stolen devices, and more.
The attacker can simply use his own SIM card in the device of interest, disable biometric authentication (if applicable), enter the wrong PIN three times, and provide the PUK number to gain access to the victim's device without limitations.
Schütz reported the flaw to Google in June 2022, and although the company acknowledged the bug and assigned a CVE ID (CVE-2022-20465), no update was released until November 7, 2022.
Google paid the researcher $70,000 for his find.
