Site icon TechNewsBoy.com

This Google Pixel bug fix could have spelled trouble for all Android phones

Scott Marlette
This Google Pixel bug fix could have spelled trouble for all Android phones

A vulnerability impacting “seemingly all” Google Pixel phones could reportedly have allowed unwanted entrants access to a locked Pixel device.

According to a blog post (opens in new tab) by cybersecurity researcher David Schütz, whose bug report convinced Google to take action, the bug was only patched for the Android phones in question following a November 5 2022 security update, around six months after filing his bug report.

The vulnerability, which is tracked as CVE-2022-20465 (opens in new tab), allowed an attacker with physical access to bypass the lock screen protections, such as fingerprint and PIN, and gain complete access to the user’s device. 

How did the exploit work?

Schütz, who claimed that another researcher’s previous bug report flagging the issue was ignored, said that the exploit was simple and easily replicable.

It involved locking a SIM card by entering the wrong pin three times, re-inserting the SIM tray, resetting the PIN by entering the SIM card’s PUK code (which should come with the original packaging) and then choosing a new PIN.

Since the attacker could just bring their own PIN-locked SIM card, nothing other than physical access was required to execute the exploit, according to Schütz. 

Would-be attackers could just swap such a SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code.

To Google’s credit, despite the seriousness of the exploit Schütz claims that after he filed a report detailing the vulnerability, Google attended to the exploit within 37 minutes.

Though Schultz didn’t provide any evidence, he posited that other Android vendors may have been affected. This is certainly possible, as Android is an open source operating system.

This isn’t the first time a security researcher has unveiled serious security flaws within Android phones, either.

In April 2022, Check Point Research (opens in new tab) (CPR) unearthed a flaw which if left unpatched could potentially have rendered a large number of Android phones vulnerable to remote code execution, due to vulnerabilities that lay within the audio decoders of Qualcomm and MediaTek chips.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version