Final week, safety and bug count on David Schütz stumbled upon an alarming safety flaw that impacts Google Pixel telephones, which allowed anybody with bodily entry to a cellphone to bypass the lock display and acquire entry to the person’s gadget — with no need a passcode.
As Schütz notes in his weblog (through BleepingComputer), the cybersecurity researcher unintentionally discovered the bug when making an attempt to unlock his Pixel 6. After coming into the unsuitable PIN 3 times, the SIM card locked, which he then recovered utilizing the Private Unblocking Key (PUK) code.
When unlocking the SIM and setting a brand new PIN, the Pixel merely confirmed the fingerprint icon with out asking for a lock display PIN or password. This is not regular for Android telephones, as they at all times ask for a passcode when rebooting to stop attackers from accessing the cellphone.
After additional investigation, Schütz found that he might bypass the lock display and entry the gadget, even with out a fingerprint. Because of this attackers which have entry to the gadget, comparable to risk actors who steal telephones, might use their very own SIM card, put in a unsuitable PIN code 3 times, use a PUK quantity, after which entry the gadget with out even needing a fingerprint or PIN code.
The researcher demonstrates the method beneath:
Obtain Google’s November 2022 safety replace
Schütz reached out to Google to patch the safety flaw, which has now been fastened within the November 5 Google safety replace. It is value noting that he reported the bug again in June, which means the flaw has been round for just a few months.
It is a good suggestion to replace your Android gadget, with the report noting that it might have an effect on all Pixel gadgets, together with the Pixel 7 and Pixel 7 Professional, together with Android telephones operating model 10 and later. To do that, head to Settings > Safety > Safety replace > Test for replace.
For extra on the safety flaw, try the complete weblog submit. We have seen just a few safety points currently, together with this malicious Chrome extension can observe your keystrokes. To be sure you’re protected, try the finest antivirus apps.
