Hacker Discovers Exploit that Unlocks Google Pixel Lock Screens

A hacker with good intentions discovered an exploit while typing in a PUK code for his SIM card on his Google Pixel 6.

David Schutz, the person who discovered the bug, has already reported it to Google. Reports from Android Authority stated that it worked on all Google Pixel phones, which can be quite concerning for Pixel users.

Steps to Conduct the Exploit

Schutz described the events that led to the discovery in his blog post. It started when his phone died mid-text, and as he turned the phone back on, it asked for the SIM's PIN code. After three wrong attempts, the SIM was locked and required a PUK code to function again. Schutz entered the PUK code and set a new PIN. It was then that he noticed the bug.

Instead of the lock icon that should appear after rebooting the phone, a fingerprint lock appeared. As he unlocked the phone with his fingerprint, the screen was stuck on the "Pixel is starting..." message. He repeated the process of rebooting the phone, typing in the incorrect PIN, and entering the PUK code.

One time as he was repeating the process, he forgot to reboot the phone and just swapped the SIM. As he did the SIM PIN reset process and entered his new PIN, the phone was already unlocked. Instead of a lock screen or a fingerprint scanner, it was just the phone's home screen, which meant the lock screen had been bypassed entirely.

If a hacker had physical access to the phone, a locked SIM card, the SIM's PUK code, and a pin to eject the SIM card tray, then they could access the phone. The simple process could allow access to the phone's available data, putting its user at risk. David Schutz posted a video of the entire process, proving that the exploit did work. He also tested it with the Pixel 5, which yielded the same result.

Google Fixed It

If you're a Google Pixel user, then you don't have to worry about the bug, since Google already released a fix. All you have to do is update your phone to get the November security patch, which was released on the 5th of November. Just go to your phone's Settings, then head to System. Tap on System Update, then Check for Update.

When Schutz contacted Google about the bug, they didn't respond to him right away. He tried the exploit after three months, and it still worked. He ended up explaining what happened to Google employees and demonstrated the hack inside Google's office. He managed to produce the same results, and Google started to pay more attention to the issue.

(Photo: David Schutz in Google's office. Source: David Schutz's Blog)

Originally, Google gives $100,000 to the contributor, but only if they discovered it first. Schutz said that he was only the second to report the bug. However, Google still acknowledged his efforts, and it was his report that urged Google to issue a fix for the bug. As a result, he received $70,000 for the discovery.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
