“It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing,” Schütz recalled. After successfully completing the process, he noticed oddities in the lock screen he was confronted with. ![]() ![]() Serendipity strikesĪs explained in a blog post, Schütz came across the issue by chance when he forgot the PIN code of his Pixel phone and had to use the PUK code to regain access. The hack could be carried out with minimal technical skill against a range of mobile devices running Android, by following a series of steps.įortunately, the exploit is not something that would lend itself to remote exploitation. The vulnerability created a means for a potential hacker to bypass lock-screen protections such as fingerprint or PIN authentication and obtain physical access to a target device. Google fixed the issue (tracked at CVE-2022-20465) with a November update, allowing Schütz to go public with his findings. The vulnerability, discovered by David Schütz, meant an attacker could unlock any Google Pixel phone without knowing the passcode. Android security pwned by PUK reset trickĪ security researcher scored a $70k bug bounty payout after accidentally discovering a Google Pixel lock-screen bypass hack.
0 Comments
Leave a Reply. |