This is a rather disturbing discovery. David Schütz, a Hungarian cybersecurity specialist, discovered a flaw that makes it relatively easy to bypass the lock screen of many Android smartphones. With a simple SIM card and physical access to the phone, it is possible to unlock the phone and access its data.
A flaw fixed in the latest security patches
To be more precise, the use of the imperfect is essential, since the fault which allowed to unlock a phone has been corrected in the latest security updates deployed by Google (those of November 2022). But if your mobile has not yet received these security patches, it is possible that the flaw is still active since it affects, a priori, Android since its version 10 (released in 2019). It does not seem to affect all Android implementations, however, since testimonials on Reddit explain that Samsung or Xiaomi mobiles are not vulnerable.
This flaw, which inherited the denomination CVE-2022-20465, is relatively easy to exploit on vulnerable phones. As David Schütz shows in a video posted on YouTube, the only thing needed to bypass the lock screen of a phone (in this case a Pixel 6) is an additional SIM card, in addition to the one inserted in the phone.
Block mobile to access data
You must first block the phone by trying to unlock it multiple times with the wrong code or the wrong fingerprint. Once this step has been completed, you must change the SIM card present in the telephone, block it with 3 incorrect codes and then enter the PUK code. Once the latter has been entered and the new PIN code configured, the phone unlocks and offers access to all its data.
The problem lies in the way Android handles its various lock screens. Prior to the November patch, the SIM card lock module was sort of overlaid with that of the traditional lock screen. When the PUK code was entered, the operating system got rid of the two lock screens at once and therefore opened access to all mobile data. What offer a boulevard to ill-intentioned people who wanted to access the content of a phone.