Android phone owner accidentally finds a way to bypass lock screen - BleepingComputer


Unlocking an Android smartphone

Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, enabling anyone with physical access to the device to unlock it.

Exploiting the vulnerability to bypass the lock screen on Android phones is a simple five-step process that wouldn't take more than a few minutes.

Google has fixed the security issue in the latest Android update released last week, but it had remained available for exploitation for at least six months.

Accidental finding

Schütz says he discovered the flaw by accident after his Pixel 6 ran out of battery, he entered his PIN wrong three times, and he recovered the locked SIM card using the PUK (Personal Unblocking Key) code.

To his surprise, after unlocking the SIM and selecting a new PIN, the device didn't ask for the lock screen password but only requested a fingerprint scan.

Android devices always request a lock screen password or pattern upon reboot for security reasons, so going straight to fingerprint unlock wasn't normal.

The researcher continued experimenting, and when he tried reproducing the flaw without rebooting the device and starting from an unlocked state, he found it was possible to bypass the fingerprint prompt, too, going straight to the home screen.

The impact of this security vulnerability is quite broad, affecting all devices running Android versions 10, 11, 12, and 13 that haven't updated to the November 2022 patch level.

Physical access to a device is a strong prerequisite. However, the flaw still carries severe implications for people with abusive spouses, those under law enforcement investigations, owners of stolen devices, etc.

The attacker can simply use their own SIM card on the target device, disable biometric authentication (if locked), enter the incorrect PIN three times, provide the PUK number, and access the victim's device without restrictions.

Google's patching

The issue is caused by the keyguard being wrongfully dismissed after a SIM PUK unlock, due to a conflict in the dismiss calls affecting the stack of security screens that run under the dialog.

When Schütz entered the correct PUK number, a "dismiss" function was called twice: once by a background component that monitors the SIM state, and once by the PUK component.

This caused not only the PUK security screen to be dismissed but also the next security screen in the stack, which is the keyguard, followed by whatever screen was next queued in the stack.

If there's no other security screen, the user would directly access the home screen.

Schütz reported the flaw to Google in June 2022, and though the tech giant acknowledged the report and assigned it CVE ID CVE-2022-20465, they didn't release a fix until November 7, 2022.

Google's solution is to include a new parameter for the security method in each "dismiss" call, so that the calls dismiss specific types of security screens and not just the next one in the stack.

In the end, though Schütz's report was a duplicate, Google made an exception and awarded the researcher $70,000 for his finding.

Users of Android 10, 11, 12, and 13 can patch this flaw by applying the November 7, 2022, security update.
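The following is an added illustration, not code from AOSP or from Schütz's write-up: a toy model of the keyguard's stack of security screens that shows why an untyped dismiss() called twice by two independent components walks past the PIN screen, and why a dismiss() that names the screen type it expects to remove (the shape of Google's fix as described above) turns the second, stale call into a no-op. The class and function names, the screen labels, and the stack layout are assumptions made for the model.

```python
# Added illustration (not AOSP code): a simplified model of the keyguard's
# stack of security screens and of the double-dismiss logic bug.
from typing import List, Optional, Sequence

HOME = "HOME"  # what the user sees once no security screen is left


class SecurityScreenStack:
    """Stack of pending security screens; the last element is the one shown."""

    def __init__(self, screens: Sequence[str]):
        self.screens: List[str] = list(screens)
        self.log: List[str] = []

    def top(self) -> str:
        return self.screens[-1] if self.screens else HOME

    def dismiss_untyped(self) -> Optional[str]:
        """Vulnerable behaviour: pop whatever screen is on top, no questions asked."""
        if not self.screens:
            return None
        gone = self.screens.pop()
        self.log.append(f"dismissed {gone}")
        return gone

    def dismiss_typed(self, expected: str) -> Optional[str]:
        """Fixed behaviour: only pop the top screen if it is the kind the caller
        believes it is finishing. A second dismiss for a screen that is already
        gone is ignored instead of eating the next screen in the stack."""
        if self.screens and self.screens[-1] == expected:
            gone = self.screens.pop()
            self.log.append(f"dismissed {gone}")
            return gone
        self.log.append(f"ignored dismiss({expected}); top is {self.top()}")
        return None


def unlock_with_puk(fixed: bool, pending: Sequence[str] = ("PIN",)) -> str:
    """Simulate a correct PUK entry. Two components (assumed names) react to the
    SIM becoming unlocked and each asks the keyguard to dismiss the PUK screen.
    Returns the screen the user lands on afterwards."""
    # Assumed layout: the regular lock screen(s) are queued beneath the PUK screen.
    stack = SecurityScreenStack(list(pending) + ["SIM_PUK"])
    for _caller in ("puk_component", "sim_state_monitor"):
        if fixed:
            stack.dismiss_typed("SIM_PUK")
        else:
            stack.dismiss_untyped()
    return stack.top()


if __name__ == "__main__":
    print("vulnerable:", unlock_with_puk(fixed=False))  # lands on HOME, PIN never shown
    print("fixed:     ", unlock_with_puk(fixed=True))   # lands on PIN
```

The model deliberately keeps the two callers, because the defect is not in either component alone: each is right to request a dismissal when the PUK screen completes, and the bug only appears when the dismiss API cannot tell which screen a caller meant. Checking the expected type at the point of dismissal is what makes the duplicate call harmless.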
