Google rewarded security researcher David Schütz after he discovered a serious flaw in the tech giant’s Pixel smartphones. The reward was paid in cash and reached $70,000. Although the flaw was reported in June of this year, it was not disclosed until this month, as part of the giant’s monthly Android update. Learn more about the flaw in the following lines.
Schütz explains how the bug works on Pixel Smartphones
The code assigned to this flaw is CVE-2022-20465 and, as the researcher himself explains: “The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device.”
The problem lies in the lock screen itself: if a specific series of steps is followed, any form of security the user has put in place is easy to bypass. The steps, as explained by David Schütz, are as follows:
- Supply incorrect fingerprint three times to disable biometric authentication on the locked device
- Hot swap the SIM card in the device with an attacker-controlled SIM that has a PIN code set up
- Enter incorrect SIM PIN three times when prompted, locking the SIM card
- Device prompts user to enter the SIM’s Personal Unlocking Key (PUK) code, a unique 8-digit number to unblock the SIM card
- Enter a new PIN code for the attacker-controlled SIM
- Device automatically unlocks
What stands out about this flaw is that anyone with a PIN-locked SIM card who knows the PUK code can get into these smartphones with little effort. To patch this bug, Google had to analyze the source code commits, which showed that it was caused by “an ‘incorrect system state’ introduced as a result of wrongly interpreting the SIM change event, causing it to entirely dismiss the lockscreen.”
Most impressively, Google had to drastically change a part of the Android code, much to Schütz’s surprise: “I was not expecting to cause this big of a code change in Android with this bug.”
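The root cause quoted above can be shown as a simplified state model. This is an added example, not Android's code and not taken from Schütz's write-up; the class, event and screen names are hypothetical. It contrasts a handler that reads the SIM event as a full unlock with one that only dismisses the SIM prompt it belongs to.

```python
from enum import Enum, auto


class Screen(Enum):
    DEVICE_CREDENTIAL = auto()  # device PIN, pattern or fingerprint prompt
    SIM_PUK = auto()            # prompt shown while the SIM is blocked
    UNLOCKED = auto()


class LockScreen:
    """Toy model: the device is unlocked only when no prompt is pending."""

    def __init__(self, strict):
        self.strict = strict
        self.pending = [Screen.DEVICE_CREDENTIAL]  # starts locked

    def on_sim_blocked(self):
        if Screen.SIM_PUK not in self.pending:
            self.pending.append(Screen.SIM_PUK)

    def on_sim_unlocked(self):
        if self.strict:
            # Hardened: the SIM event may only clear the SIM prompt.
            self._dismiss(Screen.SIM_PUK)
        else:
            # Flawed: the SIM event is read as "user authenticated".
            self.pending.clear()

    def on_device_credential_ok(self):
        self._dismiss(Screen.DEVICE_CREDENTIAL)

    def _dismiss(self, expected):
        if expected in self.pending:
            self.pending.remove(expected)

    def state(self):
        return self.pending[-1] if self.pending else Screen.UNLOCKED


def replay_sim_events(strict):
    """Constructed event sequence: SIM gets blocked, then PUK is accepted."""
    lock = LockScreen(strict)
    lock.on_sim_blocked()
    lock.on_sim_unlocked()
    return lock


if __name__ == "__main__":
    print("flawed  :", replay_sim_events(strict=False).state().name)
    print("hardened:", replay_sim_events(strict=True).state().name)
```

In the hardened variant the device credential prompt stays pending after the SIM event, so the owner's PIN or fingerprint is still required.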