Advisory ID: NCC-CSIRT-1711-055
Summary: David Schütz, a cybersecurity researcher, discovered a lock screen bypass vulnerability on his fully patched Google Pixel 6 and Pixel 5 smartphones. The issue makes it possible for an attacker with physical access to bypass the lock screen security measures (fingerprint, PIN, unlocking pattern, etc.) and take full control of the device.
Vulnerable Platform(s): Android Operating System
Threat Type: Vulnerability
Product: Google Pixel Android Phones
Version: Google Pixel 6 and Pixel 5
Description: According to the researcher, an attacker with physical access to a locked device would have to hot-swap the SIM card (remove it while the phone is still powered on) with one they own, and then enter an incorrect personal identification number (PIN) three times to start the PIN reset process, which asks for the SIM's 8-digit personal unlocking key (PUK) code. Because the attacker uses their own SIM card in the phone, it is assumed that they already know its PUK code. Once they enter the PUK code, the attacker is given complete access to the device without being asked for the phone's PIN, password, or unlocking pattern. The vulnerability impacts devices running Android 10, 11, 12, and 13.
Consequences: Complete bypass of the lock screen protections on the targeted phones
Impact/Probability: HIGH/HIGH
Solution:
- Visit the following link to update your device to the most recent security patch: https://support.google.com/pixelphone/answer/4457705
- If you cannot update your Pixel phone, turn it off before leaving it unattended.
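A fleet-side check for the solution above, added here as an example and not part of the advisory or of any Google tooling: it reads the Android release and security patch level from USB-connected devices with adb (the `getprop` keys `ro.build.version.release` and `ro.build.version.security_patch` are real), compares the release with the 10 to 13 range the advisory lists, and compares the patch level with one the operator supplies. `REQUIRED_PATCH` is an assumed placeholder; set it to the patch level (YYYY-MM-DD) named in the Pixel update bulletin that ships the fix, and the device serials and dates in the comments are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Flags USB-connected Android
# devices whose release is in the affected range (10-13) and whose security
# patch level predates the fix. REQUIRED_PATCH is an assumed placeholder:
# set it to the patch level (YYYY-MM-DD) named in the Pixel update bulletin.
REQUIRED_PATCH="${REQUIRED_PATCH:-YYYY-MM-DD}"

# is_affected_release MAJOR -> "yes" for the releases the advisory lists, else "no"
is_affected_release() {
    case "$1" in
        10|11|12|13) echo yes ;;
        *)           echo no ;;
    esac
}

# to_number YYYY-MM-DD -> YYYYMMDD, or empty if the value is not a patch date
to_number() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d - ;;
        *) printf '' ;;
    esac
}

# patch_is_current DEVICE_PATCH REQUIRED_PATCH -> "yes", "no", or "unknown"
# ("unknown" when either value is not a YYYY-MM-DD patch level, e.g. the
# placeholder above was never replaced)
patch_is_current() {
    dev=$(to_number "$1")
    req=$(to_number "$2")
    if [ -z "$dev" ] || [ -z "$req" ]; then
        echo unknown
    elif [ "$dev" -ge "$req" ]; then
        echo yes
    else
        echo no
    fi
}

# verdict SERIAL MAJOR DEVICE_PATCH REQUIRED_PATCH
# Prints one line per device; exit status 0 = ok, 1 = vulnerable, 2 = unknown.
verdict() {
    serial=$1; major=$2; patch=$3; req=$4
    if [ "$(is_affected_release "$major")" = no ]; then
        echo "$serial: Android $major is outside the affected range (10-13)"
        return 0
    fi
    case "$(patch_is_current "$patch" "$req")" in
        yes) echo "$serial: patched (security patch $patch >= $req)"; return 0 ;;
        no)  echo "$serial: VULNERABLE, patch level $patch predates $req; update it, or power it off when unattended"; return 1 ;;
        *)   echo "$serial: cannot compare patch level '$patch' with '$req'"; return 2 ;;
    esac
}

# check_device SERIAL -> reads release and patch level over adb and prints the verdict.
# adb shell output ends in CR LF, hence the tr. ${rel%%.*} keeps the major version only.
check_device() {
    rel=$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    verdict "$1" "${rel%%.*}" "$patch" "$REQUIRED_PATCH"
}

# Usage: REQUIRED_PATCH=YYYY-MM-DD sh pixel-check.sh --scan
# Walks every device that "adb devices" reports as authorised ("device" state).
if [ "${1:-}" = "--scan" ]; then
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        check_device "$serial" || true
    done
fi
```

Patch levels are compared numerically after stripping the dashes, so a malformed or placeholder value is reported as unknown rather than silently treated as patched; a device on Android 14 or newer is reported as outside the range the advisory names, not as safe in any wider sense.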
References:
- https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
- https://www.securityweek.com/google-pays-70k-android-lock-screen-bypass
- https://news.hitb.org/content/hacker-discovers-lock-screen-bypass-bug-affects-all-google-pixels
- https://www.hkcert.org/security-news?item_per_page=10&year%5B%5D=2022&month%5B%5D=11