Google Pixel Bug That Enabled Screen Lock Fixed With November Update

Google Pixel phones were recently updated with a fix for a security flaw that allowed the user to bypass the lock screen, after a security researcher reported. The company announced earlier this week that it has started rolling out the November Android update globally for Pixel smartphones running Android 13. The update will roll out to Pixel users gradually over the next few weeks. Besides bringing fixes and improvements, this update also includes the November 2022 Android security patch, which includes bug fixes that resolve a security issue that allows people to bypass the lock screen using a SIM card.

Security researcher David Schütz found security flaw, tracked as CVE-2022-20465 in the November 2022 Android security patch update. It allowed an attacker with physical access to a Pixel smartphone to bypass screen lock security measures such as fingerprint, PIN, and pattern.

Schütz demonstrated a bug in the Pixel 6, which allowed people to bypass biometrics by swapping the SIM card and entering the SIM PIN incorrectly three times. The device will then ask for a Personal Unlocking Key (PUK) code.

Entering the PUK code correctly, the phone will ask for a new PIN code for that SIM card. The handset will then unlock and take users to the home screen with full access to the device.

Schütz reported this bug to Google through the Android Vulnerability Rewards program. After waiting for several months, he was awarded $70,000 (roughly Rs. 56,57,000) for spotting a security flaw. It is now [listed] in the November security patch as a critical system issue. It was also included in the Android Open Source Project (AOSP) versions of Android 10, 11, 12, 12L, and 13.

As mentioned earlier, Google has started rolling out the November 2022 Android 13 update, which includes the November 2022 Android security patch, for the Pixel 4a and newer devices. You can check this update by going to Settings , The program , System update on an eligible Pixel smartphone.

Affiliate links may be created automatically – see our ethics statement for details.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: