November security patch fixes Pixel lock screen bypass bug

Google’s November 2022 security patch dropped for Pixel phones a few days ago, and, if you haven’t already updated your Pixel phone, you should. The update includes a fix for a security flaw that could allow someone to bypass the phone’s lock screen using a SIM card.

David Schütz discovered the issue and detailed it in a blog post and video. While the post is well worth a read if you’re interested in this kind of thing, the short version is that someone with physical access to a Pixel device could bypass lock screen protections, including the fingerprint and PIN, and gain access to the phone.

To do so, all an attacker would need to do is swap the SIM card in the phone. In the video, Schütz shows himself swapping a SIM card into a locked Pixel 6, which then asks for the SIM PIN. After entering that wrong three times, the Pixel asks for a personal unblocking key (PUK), which is used to reset a SIM PIN if a user forgets it. However, in the case of Pixel phones, after entering the PUK and typing in a new SIM PIN, the phone unlocks.

Put another way, an attacker would only need a SIM card with a SIM PIN a PUK code that they know to gain access to any Pixel smartphone. The November 2022 security patch, which is now available for the Pixel 4a and newer, fixes the problem.

Frustratingly, Schütz reported the security flaw to Android’s Vulnerability Rewards Program in the middle of 2022, but Google didn’t do anything until September after some in-person prodding. Still, Schütz got a $70,000 USD reward (about $93,703 CAD), which is a good chunk of change for spotting the flaw.

Source: Schütz Via: 9to5Google

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.