$70,000 Bug Let Hackers Bypass Google Pixel Lock Screen Pattern & Password
by Kitang - 07-20-2023, 03:47 AM
#1

Source:
https://cybersecuritynews.com/70000-bug-...-password/

[Image: Google%20Pixel%20Lock%20Bug.jpg]

David Schütz, a security researcher, identified a critical bug in Google Pixel phones that allows an attacker with physical access to a vulnerable device to bypass the passcode and pattern lock.

The critical lock screen bypass bug lets anyone defeat every form of lock screen protection, including fingerprint, pattern, and PIN, by hot-swapping in a new SIM and using its PUK code.

The local privilege escalation bug in Google Pixel phones is caused by a logic error in the code, and an attacker can exploit it without any additional execution privileges or user interaction.

The following Android Versions are vulnerable to this bug:-

Android-10
Android-11
Android-12
Android-12L
Android-13
Google fixed the bug in the November 2022 Android security update and assigned it CVE-2022-20465, with the following description:

“In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lock screen bypass due to a logic error in the code.”

Bypass Google Pixel Lock Screen
The researcher explained the bug with a simple SIM swapping technique: a new SIM, together with its PUK code, triggers the bug and bypasses the lock screen, whether it is protected by a pattern, a passcode, or a fingerprint.

A PUK (Personal Unlocking Key) code is used to unlock a SIM card after its PIN has been entered incorrectly 3 times in a row. The PUK code is printed on the SIM card package.

The researcher triggered and exploited the bug with the following steps.

Lock the vulnerable Pixel phone and enter the wrong SIM PIN 3 times.
Perform a hot swap: replace the old SIM with a new SIM (the attacker's SIM) in the same SIM tray.
Now reset the SIM PIN by entering the PUK code assigned to the new SIM card.
As soon as the attacker types the PUK code, the phone lets them in, prompting only for a new SIM PIN.
“I realized that indeed, this is a got damn full lock screen bypass, on the fully patched Pixel 6. I got my old Pixel 5 and tried to reproduce the bug there as well. It worked too,” the researcher said in his public write-up.


https://youtu.be/dSgSnYPgzT0

The Android bug report describes the logic error as follows:

“After PUK unlock, multiple calls to KeyguardSecurityContainerController#dismiss() were being called from the KeyguardSimPukViewController, which begins the transition to the next security screen, if any.

At the same time, other parts of the system, also listening to SIM events, recognize the PUK unlock and call KeyguardSecurityContainer#showSecurityScreen, which updates which security method comes next.

After boot, this should be one of PIN, Password, or Pattern, assuming they have a security method.

If one of the first dismiss() calls comes AFTER the security method changes, this is incorrectly recognized by the code as a successful PIN/pattern/password unlock.”

Patch Advisory & Rewards:
Google acknowledged the bug after multiple reporting attempts by the researcher and, once the Android security team was able to reproduce it, rewarded him $70k. The same bug had been submitted earlier in 2022, but at that time the team was unable to reproduce it.

“The same issue was submitted to our program earlier this year, but we were not able to reproduce the vulnerability. When you submitted your report, we were able to identify and reproduce the issue and began developing a fix.” Google said during the bug report communication.

“We typically do not reward duplicate reports; however, because your report resulted in us taking action to fix this issue, we are happy to reward you the full amount of $70,000 USD for this LockScreen Bypass exploit!”

How to fix:

Update your device to the November 5, 2022, Security Update.
An update can be triggered manually by going to Settings -> Security -> Security update -> Check for update. You might have to do it multiple times.
More info about updating a Pixel device at the official help page.
Affected devices:
Seemingly all Google Pixel devices.
Since the patch is in AOSP, other Android vendors might be affected.
If you can’t update:
Turn off your phone before leaving it unattended.
This prevents access to the encrypted user data, but might still allow persistence.
Reply
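To make the race in the bug report concrete, here is an added example that is not part of the original post or of Android's SystemUI code. It is a small Python model of the keyguard state machine: show_security_screen() plays the role of the SIM-state listeners calling showSecurityScreen(), and dismiss() plays the role of the PUK view's queued dismiss() calls. All class, function and enum names are my own. The "hardened" branch reflects my understanding of the shape of Google's fix (the caller passes the security mode it authenticated on, and the call is refused if the current screen differs); that is an assumption about the patch, not a quotation of it.

```python
from enum import Enum, auto


class SecurityMode(Enum):
    """Subset of keyguard security modes (assumed names). INVALID is the
    'no expectation' sentinel used when a caller does not name its screen."""
    INVALID = auto()
    PIN = auto()
    PATTERN = auto()
    PASSWORD = auto()
    SIM_PIN = auto()
    SIM_PUK = auto()


CREDENTIAL_MODES = {SecurityMode.PIN, SecurityMode.PATTERN, SecurityMode.PASSWORD}
SIM_MODES = {SecurityMode.SIM_PIN, SecurityMode.SIM_PUK}


class KeyguardModel:
    """Hypothetical stand-in for KeyguardSecurityContainerController.

    `current` is the security screen being shown, `user_credential` is the
    PIN/pattern/password the owner configured.  hardened=True enables the
    expected-mode check (assumed shape of the fix, see lead-in)."""

    def __init__(self, user_credential, hardened=False):
        self.user_credential = user_credential
        self.current = SecurityMode.SIM_PUK   # attacker's SIM is PUK-locked
        self.hardened = hardened
        self.unlocked = False
        self.trace = []

    def show_security_screen(self, mode):
        # Analogue of showSecurityScreen(): SIM-state listeners call this when
        # they see the PUK unlock and switch the next screen to the owner's credential.
        self.trace.append(f"showSecurityScreen({mode.name})")
        self.current = mode

    def dismiss(self, authenticated, expected=SecurityMode.INVALID):
        # Analogue of dismiss() -> "show next security screen or finish".
        # Returns True only when the keyguard is fully dismissed (device unlocked).
        self.trace.append(f"dismiss(authenticated={authenticated}, "
                          f"expected={expected.name}, current={self.current.name})")
        if (self.hardened and expected is not SecurityMode.INVALID
                and expected is not self.current):
            # Patched shape: the caller names the screen it authenticated on;
            # if that screen changed underneath it, the call is ignored.
            self.trace.append("rejected: security screen changed since authentication")
            return False
        if not authenticated:
            return False
        if self.current in SIM_MODES:
            # SIM PIN/PUK satisfied: advance to the owner's credential, not unlocked yet.
            self.current = self.user_credential
            return False
        if self.current in CREDENTIAL_MODES:
            # The logic error: any authenticated dismiss() that lands here is
            # taken as proof that the owner's PIN/pattern/password was entered.
            self.unlocked = True
            return True
        return False


def puk_race(hardened):
    """Ordering that triggers the bug: the SIM listener updates the screen
    before the PUK view's queued dismiss() runs."""
    kg = KeyguardModel(SecurityMode.PIN, hardened=hardened)
    kg.show_security_screen(SecurityMode.PIN)                       # listener wins the race
    kg.dismiss(authenticated=True, expected=SecurityMode.SIM_PUK)   # queued PUK dismiss
    return kg.unlocked


def expected_order(hardened):
    """Normal ordering: the PUK dismiss advances to the PIN screen, the
    listener's update is a no-op, and only the real PIN unlocks."""
    kg = KeyguardModel(SecurityMode.PIN, hardened=hardened)
    kg.dismiss(authenticated=True, expected=SecurityMode.SIM_PUK)
    kg.show_security_screen(SecurityMode.PIN)
    after_puk = kg.unlocked
    kg.dismiss(authenticated=True, expected=SecurityMode.PIN)       # owner types correct PIN
    return after_puk, kg.unlocked


if __name__ == "__main__":
    print("vulnerable, race ordering  ->", puk_race(False))        # True (bypass)
    print("hardened,   race ordering  ->", puk_race(True))         # False
    print("hardened,   normal ordering ->", expected_order(True))  # (False, True)
```

The interesting line is the second branch of dismiss(): it decides "what was just authenticated" from the screen currently shown, not from the screen the caller was actually on. Because the SIM listener can change that screen between the PUK view's authentication and its dismiss() call, the PUK success is re-read as a PIN success. Making the caller state the mode it authenticated on, and refusing on mismatch, removes the ambiguity without touching the listeners.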
#2
How lucky omg
Reply
#3
(07-30-2023, 06:04 PM)EraMera Wrote: How lucky omg

you consider this luck?
Reply
#4
wasn't this late 2022?
Reply
#5
@Beelzebub the article says update the device to the November 5, 2022 update
so yes, I assume you are right
Reply
#6
damn boy
Reply
#7
Are other brands affected as well?
Reply
#8
.....
Reply
#9
Google never learns I guess
Reply
#10
wait, does it work just on the Pixel generation?
and if it works on all Android, is there any bypass?
and could anyone explain how it works? (I mean the controlled SIM)
Reply