A vulnerability that reportedly affects all Google Pixel phones allowed anyone with physical access to get into a locked Pixel device.
According to a blog post by security researcher David Schütz, whose report prompted Google to act, the bug was patched only in the November 5, 2022 security update, about six months after he submitted it.
The vulnerability, tracked as CVE-2022-20465, allowed an attacker with physical access to bypass lock-screen protections such as the fingerprint reader and PIN and gain full access to the device.
How did the exploit work?
Schütz, who claimed that another researcher’s previous bug report flagging the issue was ignored, said the exploit was simple and easy to reproduce.
It involved locking a SIM card by entering the wrong SIM PIN three times, reinserting the SIM tray, resetting the card by entering its PUK code (which comes with the card's original packaging), and then choosing a new PIN. Once the new PIN was accepted, the phone dropped the lock screen entirely instead of going on to ask for the owner's fingerprint or PIN.
Because the attacker could bring their own SIM card, one whose PIN and PUK they already knew, nothing beyond physical access was needed, according to Schütz: swap that SIM into the victim's device, lock it with three wrong PINs, and reset it with the PUK. In Schütz's write-up the underlying bug was in the keyguard: the dismissal that should only have closed the SIM PUK screen was also applied to the lock screen beneath it, and Google's fix makes each dismissal check that the screen it targets is the one currently being shown.
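As an added example, not code from the article, from Schütz's write-up or from AOSP, the following Python model shows the bug class behind the sequence above: a security screen's "I'm done, dismiss me" callback that does not record which screen it belongs to, so a stale callback ends up dismissing whatever screen is showing at that moment. The class and method names are hypothetical, the two-dismiss sequence is an assumption made to reproduce the behaviour Schütz describes, and the real keyguard code is far larger; the flag `check_expected_mode` switches between the vulnerable behaviour and the patched behaviour, where a dismiss names the screen it is for and is ignored if that screen is no longer current.

```python
from enum import Enum, auto


class SecurityMode(Enum):
    """Which security screen the keyguard is currently showing."""
    SIM_PUK = auto()   # carrier PUK prompt shown after three wrong SIM PINs
    PIN = auto()       # the device owner's own lock-screen PIN
    NONE = auto()      # keyguard gone, device unlocked


class Keyguard:
    """Toy model of lock-screen sequencing. Hypothetical code, not AOSP's."""

    def __init__(self, owner_pin="1234", check_expected_mode=False):
        self.owner_pin = owner_pin
        # True models the patched behaviour: a dismiss must name the screen it
        # belongs to, and is ignored if that screen is no longer showing.
        self.check_expected_mode = check_expected_mode
        self.current = SecurityMode.PIN
        self.unlocked = False

    def insert_puk_locked_sim(self):
        # A PUK-locked SIM is handled before the owner's PIN screen.
        self.current = SecurityMode.SIM_PUK

    def enter_pin(self, pin):
        """Legitimate path: the owner types the correct lock-screen PIN."""
        if self.current is SecurityMode.PIN and pin == self.owner_pin:
            return self.dismiss(True, SecurityMode.PIN)
        return False

    def dismiss(self, authenticated, expected_mode):
        """Called by a security screen once it has been satisfied."""
        if self.check_expected_mode and expected_mode is not self.current:
            # Patched behaviour: stale dismiss for a screen that already went away.
            return False
        if authenticated:
            self._show_next_security_screen_or_finish()
        return True

    def _show_next_security_screen_or_finish(self):
        if self.current is SecurityMode.SIM_PUK:
            self.current = SecurityMode.PIN      # SIM cleared; owner's PIN still due
        elif self.current is SecurityMode.PIN:
            self.current = SecurityMode.NONE
            self.unlocked = True


def run_puk_sequence(keyguard):
    """The attacker's steps from the article, replayed against a Keyguard."""
    keyguard.insert_puk_locked_sim()
    # Attacker types the PUK of their own SIM and picks a new PIN; the PUK
    # screen reports success and asks to be dismissed.
    keyguard.dismiss(True, SecurityMode.SIM_PUK)
    # Assumed second event: the SIM unlocking also fires a SIM-state-changed
    # update, which issues another dismiss for the (already gone) PUK screen.
    keyguard.dismiss(True, SecurityMode.SIM_PUK)
    return keyguard.unlocked


if __name__ == "__main__":
    print("vulnerable unlocked without owner PIN:", run_puk_sequence(Keyguard()))
    print("patched unlocked without owner PIN:   ",
          run_puk_sequence(Keyguard(check_expected_mode=True)))
```

With `check_expected_mode=False` the second, stale dismiss lands on the PIN screen and the model reports the device unlocked without the owner's PIN ever being entered; with the check enabled the stale dismiss is dropped, the keyguard stays on the PIN screen, and only `enter_pin` with the correct PIN unlocks it.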
To Google's credit, Schütz says that once he submitted a report detailing the vulnerability, Google responded within 37 minutes.
Although Schütz provided no evidence, he said other Android vendors may also be affected. That is plausible: the lock-screen code in question is part of the Android Open Source Project that other manufacturers build their firmware on, so any device shipping that code without the fix would be exposed.
This isn’t the first time a security researcher has revealed serious security flaws in Android phones, either.
In April 2022, Check Point Research (CPR) disclosed flaws in the audio decoders of Qualcomm and MediaTek chips that, left unpatched, could have exposed a large number of Android phones to remote code execution.