The bug bounty rewards are high in part to compete with efforts by companies like Cellebrite and Grayshift, which rely on software exploits to build and sell phone cracking technology to law enforcement agencies. Google can pay security researchers up to $100,000 for privately reporting bugs that could allow someone to bypass the lock screen, since a successful exploit would allow access to a device’s data. “The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code,” said Schütz. Since a malicious actor could bring their own SIM card and its corresponding PUK code, only physical access to the phone is required, he said.
#PIXEL 3 THIEF BACKGROUND ANDROID#
He warned that other Android devices might also be vulnerable. Schütz found that the bug meant that entering a SIM card’s PUK code was enough to trick his fully patched Pixel 6 phone, and his older Pixel 5, into unlocking his phone and data, without ever visually displaying the lock screen. PUK codes are fairly easy for device owners to obtain, often printed on the SIM card packaging or directly from the cell carrier’s customer service. But SIM cards have an additional personal unlocking code, or PUK, to reset the SIM card if the user incorrectly enters the PIN code more than three times. Your phone’s SIM card might also have a separate PIN code set to block a thief from ejecting and physically stealing your phone number. In a blog post about the bug, published now that the bug is fixed, Schütz described how he found the bug accidentally, and reported it to Google’s Android team.Īndroid lock screens let users set a numerical passcode, password or a pattern to protect their phone’s data, or these days a fingerprint or face print. Schütz discovered anyone with physical access to a Google Pixel phone could swap in their own SIM card and enter its preset recovery code to bypass the Android’s operating system’s lock screen protections. Hungary-based researcher David Schütz said the bug was remarkably simple to exploit but took Google about five months to fix. The lock screen bypass bug, tracked as CVE-2022-20465, is described as a local escalation of privilege bug because it allows someone, with the device in their hand, to access the device’s data without having to enter the lock screen’s passcode. Google has paid out $70,000 to a security researcher for privately reporting an “accidental” security bug that allowed anyone to unlock Google Pixel phones without knowing its passcode.
0 kommentar(er)
