Updated on 2022-11-13: Security researcher lands $70,000 for Google Pixel lock-screen bypass
A vulnerability in all Google Pixel phones allowed anyone to easily bypass the lock screen, according to @xdavidhu. The bug was fixed on November 5 in an Android security update and tracked as CVE-2022-20465. The bug can be exploited with physical access to a phone, and by swapping in a new SIM and entering its PUK code. Read more:
I found a vulnerability that allowed me to unlock any @Google Pixel phone without knowing the passcode. This may be my most impactful bug so far.
Google fixed the issue in the November 5, 2022 security patch. Update your devices!https://t.co/LUwSvEMF3w
— David Schütz (@xdavidhu) November 10, 2022
Overview: Major Google Pixel lock screen bypass
Security researcher David Schütz found a way to bypass the lock screen of all Google Pixel smartphones that works against all forms of lock screen protection. The attack works only if the attacker knows a SIM card’s PUK code. The vulnerability was patched in this month’s Android security updates, as CVE-2022-20465, and Schütz said he received a $70,000 bug bounty reward from Google for his finding.
Wow wow wow, all police departments in the world can now bypass Android lock screen with this simple procedure. (Assuming your phone is not yet patched) 😱 https://t.co/s1v4i1ORJr
— Marcus Maciel (@underlinux) November 10, 2022