Google

Google rewards researcher $70,000 for finding a straightforward Android lock screen bypass problem

The high-severity flaw, tracked as CVE-2022-20465, was discovered by Hungarian researcher David Schütz. Google describes it as a lock screen bypass caused by a logic error in the code, which can lead to local escalation of privilege with no additional execution privileges needed.

The exploit bypasses a screen lock protected by a PIN, pattern, password, fingerprint, or face, but it requires physical access to the device. Schütz found the bug by accident: after a 24-hour trip, his Pixel 6 ran out of battery while he was sending a series of text messages.

After he plugged in the charger and rebooted, the Pixel asked for the SIM PIN, which is separate from the lock screen code and is meant to stop someone who physically removes the SIM from using it. Schütz could not remember the PIN, and after three wrong attempts the SIM locked.


The only way to reset a locked SIM is the PUK (PIN Unlock Key), which is usually printed on the SIM card's packaging or can be obtained from the carrier's customer service line. Schütz found his on the packaging and used it to set a new SIM PIN.

Instead of the PIN or password that Android normally requires for the first unlock after a reboot, the Pixel only asked for a fingerprint.

Schütz experimented with this oddity and eventually found that repeating the steps without rebooting produced a complete lock screen bypass: not even a fingerprint was needed. He demonstrated the procedure in a video.
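To make the logic error concrete, here is an added toy model of the sequence described above. It is illustrative code written for this article, not AOSP's keyguard code, and every class, method and constant in it (Keyguard, Screen, enter_puk, dismiss, MAX_SIM_PIN_ATTEMPTS) is a hypothetical name. The ordering it assumes, that the keyguard reacts to the SIM becoming ready and swaps in the device-credential screen before the PUK screen's own dismiss request is processed, is a simplification of the behaviour, and the credentials are constructed sample values. The vulnerable dismiss() clears whichever screen is current; the hardened dismiss() is told which screen it was meant for and ignores a mismatch.

```python
"""Toy model of a SIM-PUK keyguard flow with a vulnerable and a hardened dismiss().

Added illustration for this article; not Android's implementation. All names
and credentials below are hypothetical / constructed for the example.
"""
from enum import Enum, auto


class Screen(Enum):
    SIM_PIN = auto()
    SIM_PUK = auto()
    DEVICE_PIN = auto()   # stands in for PIN/pattern/password/biometric
    NONE = auto()         # keyguard gone, home screen visible


MAX_SIM_PIN_ATTEMPTS = 3  # assumption: SIM blocks after three wrong PINs


class Keyguard:
    def __init__(self, sim_pin, puk, device_pin, hardened):
        self._sim_pin = sim_pin
        self._puk = puk
        self._device_pin = device_pin
        self.hardened = hardened
        self.sim_pin_attempts_left = MAX_SIM_PIN_ATTEMPTS
        self.sim_locked = True            # SIM needs its PIN after boot
        self.current = Screen.SIM_PIN     # screen shown to the user right now
        self.log = []

    def enter_sim_pin(self, pin):
        if self.current != Screen.SIM_PIN:
            return False
        if pin == self._sim_pin:
            self.sim_locked = False
            self._on_sim_state_changed()
            return True
        self.sim_pin_attempts_left -= 1
        if self.sim_pin_attempts_left == 0:
            self.current = Screen.SIM_PUK
            self.log.append("SIM blocked, PUK required")
        return False

    def enter_puk(self, puk, new_sim_pin):
        if self.current != Screen.SIM_PUK or puk != self._puk:
            return False
        self._sim_pin = new_sim_pin
        self.sim_locked = False
        self.sim_pin_attempts_left = MAX_SIM_PIN_ATTEMPTS
        # Modelled ordering: the SIM-state change is handled first and replaces
        # the PUK screen with the device-credential screen ...
        self._on_sim_state_changed()
        # ... and only afterwards does the PUK screen ask to be dismissed.
        self.dismiss(requested_by=Screen.SIM_PUK)
        return True

    def enter_device_pin(self, pin):
        if self.current != Screen.DEVICE_PIN or pin != self._device_pin:
            return False
        self.dismiss(requested_by=Screen.DEVICE_PIN)
        return True

    def _on_sim_state_changed(self):
        if not self.sim_locked and self.current in (Screen.SIM_PIN, Screen.SIM_PUK):
            self.current = Screen.DEVICE_PIN
            self.log.append("SIM ready, showing device credential")

    def dismiss(self, requested_by):
        if self.hardened and requested_by != self.current:
            # Hardened logic: a dismiss meant for the PUK screen must not
            # dismiss the device-credential screen that replaced it.
            self.log.append(f"ignored dismiss for {requested_by.name}, "
                            f"still showing {self.current.name}")
            return False
        # Vulnerable logic: whatever screen is current gets dismissed. With
        # DEVICE_PIN current, the phone unlocks without any credential.
        self.current = Screen.NONE
        self.log.append("keyguard dismissed")
        return True

    @property
    def unlocked(self):
        return self.current == Screen.NONE


def run_bypass(hardened):
    """Replay the article's steps: 3 wrong SIM PINs, then the correct PUK."""
    kg = Keyguard(sim_pin="1234", puk="12345678", device_pin="9876",
                  hardened=hardened)            # constructed sample values
    for _ in range(MAX_SIM_PIN_ATTEMPTS):
        kg.enter_sim_pin("0000")
    kg.enter_puk("12345678", new_sim_pin="4321")
    return kg


if __name__ == "__main__":
    for hardened in (False, True):
        kg = run_bypass(hardened)
        print(f"hardened={hardened}: unlocked={kg.unlocked}, screen={kg.current.name}")
        for line in kg.log:
            print("   ", line)
```

In the vulnerable run the PUK screen's dismiss lands on the device-credential screen and the model reports the phone as unlocked with no credential entered; in the hardened run the same dismiss is ignored and the device PIN is still required. The general lesson is the one the real fix embodies: a "dismiss" request must carry the identity of the screen it was issued for, because the screen in front may have changed by the time the request is handled.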

Schütz tried some methods on Google Pixel 6 and Pixel 5

According to Schütz, the method worked on both his Pixel 6 and Pixel 5. Google fixed the issue in the November 2022 Android security update (patch level November 5), but the flaw had been exploitable for at least six months before that. Devices running Android 10 through Android 13 that have not installed the November 2022 patch remain at risk.

Google's bug bounty program pays up to $100,000 for lock screen bypass vulnerabilities. However, because the issue Schütz found had already been reported and Google had not been able to reproduce it, his submission was treated as a duplicate and he received the lower amount of $70,000.

For anyone interested in security research, this case shows what a bug bounty program can pay out: a researcher accidentally found a way to unlock Android phones without a passcode, reported it responsibly, and Google paid him $70,000 for the discovery.