“I found a vulnerability affecting seemingly all Google Pixel phones where if you gave me any locked Pixel device, I could give it back to you unlocked,” wrote Schutz in his blog post.
It all started when Schutz’s Pixel 6 gave up on him and quickly ran to charge the battery, only to find out that the phone was asking for the PIN code for the SIM card. He did not remember the PIN, and upon three failed attempts, the phone asked for the PUK code, which he had, and entered successfully.
This time, to his surprise, the phone opened and did not even ask for the password, showing the fingerprint icon straight away, which does not happen when the phone boots from the dead. He went ahead and unlocked the phone with his fingerprint, after which the phone got stuck on the “Pixel is starting…” indefinitely.
He repeated the same procedure repeatedly, and the phone was getting stuck on the same “Pixel is starting..” screen. However, after multiple attempts, the phone did not even ask for the fingerprint, just the PUK code, and asked to set a new PIN, after which he was on the home screen.
Schutz tried the same with his Pixel 5, and it glitched as well. The researcher notes that the bug could affect smartphones running Android 10 and later, and smartphones of other vendors besides Google could also be vulnerable.
The lock screen vulnerability, tracked as CVE-2022-20465, has been fixed in the security update released on November 5, 2022, for smartphones running Android 10 and later.
Google rewarded $70,000 to Schutz, who reported the “accidental” bug to the company privately.
!(function(f, b, e, v, n, t, s) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadFBEvents = function() {
(function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ? n.callMethod(…arguments) : n.queue.push(arguments);
};
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, v, n, t, s);
fbq(‘init’, ‘593671331875494’);
fbq(‘track’, ‘PageView’);
};
})(
window,
document,
‘script’,
‘https://connect.facebook.net/en_US/fbevents.js’,
);if(typeof window !== ‘undefined’) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadScriptsOnceAdsReady = () => {
var scripts = [
‘https://static.clmbtech.com/ad/commons/js/2658/toi/colombia_v2.js’ ,
‘https://www.googletagmanager.com/gtag/js?id=AW-877820074’,
‘https://imasdk.googleapis.com/js/sdkloader/ima3.js’,
‘https://tvid.in/sdk/loader.js’,
‘https://timesofindia.indiatimes.com/video_comscore_api/version-3.cms’,
‘https://timesofindia.indiatimes.com/grxpushnotification_js/minify-1,version-1.cms’,
‘https://connect.facebook.net/en_US/sdk.js#version=v10.0&xfbml=true’,
‘https://timesofindia.indiatimes.com/locateservice_js/minify-1,version-14.cms’
];
scripts.forEach(function(url) {
let script = document.createElement(‘script’);
script.type=”text/javascript”;
if(!false && !false && !false && url.indexOf(‘colombia_v2’)!== -1){
script.src = url;
} else if (!false && !false && !false && url.indexOf(‘sdkloader’)!== -1) {
script.src = url;
} else if (!false && !false && (url.indexOf(‘tvid.in/sdk’) !== -1 || url.indexOf(‘connect.facebook.net’) !== -1 || url.indexOf(‘locateservice_js’) !== -1 )) {
script.src = url;
} else if (url.indexOf(‘colombia_v2’)== -1 && url.indexOf(‘sdkloader’)== -1 && url.indexOf(‘tvid.in/sdk’)== -1 && url.indexOf(‘connect.facebook.net’) == -1){
script.src = url;
}
script.async = true;
document.body.appendChild(script);
});
}
}
More News
OnePlus Nord CE 4 to launch in India on April 1: Here’s what the smartphone will offer – Times of India
Xiaomi 14 series is now available in India: Sale, pre-booking and more – Times of India
Kiren Rijiju: Why Earth Sciences minister Rijiju is upset with this European IT company | – Times of India