Finding a security flaw can pay off big! Indeed, a hacker was generously rewarded by Google for successfully bypassing the lock of a smart phone of the Pixel range.
A problem that has obviously been corrected thanks to this surprising find.
A problematic vulnerability
We can sometimes think that our smartphones are protected once the screen lock is activated (by PIN code, fingerprint or even facial recognition). However, if we are to believe this discovery made by security researcher David Schütz, this was not really the case on Google mobiles. The main interested party realized that it was ultimately very easy to bypass the security of a locked Pixel 6.
However, everything is back to normal since Google deployed its November update with the aim of removing this vulnerability named “CVE-2022-20465”. Schütz’s report was therefore extremely useful. So much so that the American firm gave him a nice check for $70,000 to thank him.
An easy-to-exploit flaw
To be able to unlock a Pixel smartphone without owning it, there were a few relatively basic steps to follow. Already, it was necessary to provide an incorrect fingerprint until the mobile came to claim the PIN code. Without turning off the device, the person then had to insert their own SIM card with a preconfigured code.
Subsequently, it was necessary to type the wrong code three times to display the request for the PUK code. Entering the latter and configuring a new PIN code was enough to complete the operation by unlocking the phone. In short, a SIM card was the only equipment needed to be able to use the Google Pixel as if nothing had happened. No need to be a professional hacker to achieve this.
Source : The Hacker News
Google Pixel 6
smartphone
release date: 28-10-2021
11