A significant security breach in all Google Pixel smartphones has been detected by YouTuber and security researcher David Schütz. The breach threatens to make Pixel devices vulnerable to bugs as any attacker can simply use a different SIM card to unlock and gain access to the Pixel devices.
Schütz claimed, “If you give me any locked Pixel device, I can give it back to you unlocked.”
Advertisement
Any attacker with physical access to the lockscreen protection method like fingerprint or PIN may find a way around to bypass it.
Advertisement
He demonstrated the whole security bypass method in a video, a locked Pixel 7 series smartphone with biometrics protection on was successfully bypassed, as shown in the video, and to do it only a separate SIM card was needed.
https://youtu.be/dSgSnYPgzT0
After swapping SIMs, “Enter SIM PIN”, prompt will request new SIM PIN code. After placing a new SIM and putting its PUK PIN code number the device gets unlocked and the attacker will get access to the device.
For unlocking the device, nothing more than a physical SIM was needed. The vulnerability could be taken advantage of with a SIM card that had a PIN lock and for which the attacker knew the right PUK code by simply swapping the SIM in the victim’s device.
Attackers can get an entire access to the user’s device, according to Schütz. But the problem now has been resolved in the Pixel device with the latest security patch update for November.
The bug just got fixed in the November 5, 2022 security update. The November security patch identifies it as a “System” issue with a “High” severity and offers a $70,000 reward for finding the cause.
Android versions 10, 11, 12, 12L, and 13 Android Open Source Project (AOSP) versions have all received the fix. For the Pixel 4a and newer, the November security patch is currently accessible.
Advertisement