
A simple Android lock screen bypass bug netted a researcher $70,000

Google paid a security researcher $70,000 for privately reporting an "accidental" security bug that allowed anyone to unlock Google Pixel phones without knowing the passcode.

The lock screen bypass bug, tracked as CVE-2022-20465, is described as a local privilege escalation bug because it allows someone with the device in hand to access the data on it without entering the passcode at the lock screen.

David Schütz, a security researcher based in Hungary, said the bug was remarkably simple to exploit, but that it took Google about five months to fix.

Schütz found that anyone with physical access to a Google Pixel phone could swap in their own SIM card and enter its preset recovery code to bypass the Android operating system's lock screen protections. In a blog post about the bug, published now that it has been fixed, Schütz described how he found the bug by accident and reported it to Google's Android team.

Android lock screens let users set a numeric passcode, password, or pattern, or nowadays a fingerprint or face, to protect the data on their phone. Your phone's SIM card may also have a separate PIN set to prevent a thief from physically ejecting the card and stealing your phone number. But SIM cards also have a personal unlock code, or PUK, to reset the SIM card if the user enters the PIN incorrectly more than three times. PUK codes are fairly easy for device owners to obtain: they are often printed on the SIM card packaging or available from the carrier's customer service.

Schütz found that, because of the bug, entering a SIM card's PUK code was enough to trick his fully patched Pixel 6 and an older Pixel 5 into unlocking the phone and its data, without even displaying the lock screen. He warned that other Android devices could also be vulnerable.
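A constructed model of this class of flaw, added here as an illustration and not code from Android or from Schütz's write-up: the lock screen is a stack of security screens, and the bug is a SIM PUK step that clears the whole stack instead of only its own screen. The class and function names, the sample PUK and passcode, and the "fixed" behaviour are assumptions of this model, not Google's actual patch.

```python
# Hypothetical model of a lock screen built from a stack of security screens.
# Constructed for illustration; not Android's keyguard code and not the real patch.
SIM_PUK = "12345678"   # constructed sample PUK for the attacker-supplied SIM
DEVICE_PIN = "246810"  # constructed sample device passcode


class Keyguard:
    """The phone counts as unlocked only when no security screen is left."""

    def __init__(self, sim_pin_locked: bool, fixed: bool):
        self.fixed = fixed
        self.screens = ["device_credential"]
        if sim_pin_locked:
            # A PIN-locked SIM puts its own screen in front of the device credential.
            self.screens.insert(0, "sim_puk")

    def unlocked(self) -> bool:
        return not self.screens

    def enter_puk(self, puk: str) -> bool:
        """Reset the SIM PIN with the PUK; returns True on success."""
        if not self.screens or self.screens[0] != "sim_puk" or puk != SIM_PUK:
            return False
        if self.fixed:
            self.screens.pop(0)    # assumed correct behaviour: drop only the SIM screen
        else:
            self.screens.clear()   # the flaw: a SIM reset dismisses every screen
        return True

    def enter_device_pin(self, pin: str) -> bool:
        """Pass the device credential screen only when it is the one in front."""
        if self.screens and self.screens[0] == "device_credential" and pin == DEVICE_PIN:
            self.screens.pop(0)
            return True
        return False


def puk_only(fixed: bool):
    """Enter only the PUK, never the device passcode; report (unlocked, remaining screens)."""
    kg = Keyguard(sim_pin_locked=True, fixed=fixed)
    kg.enter_puk(SIM_PUK)
    return kg.unlocked(), list(kg.screens)


if __name__ == "__main__":
    print("vulnerable:", puk_only(fixed=False))  # (True, [])
    print("fixed:     ", puk_only(fixed=True))   # (False, ['device_credential'])
```

The check a defender cares about is the second line: after a SIM PUK reset, the device credential screen must still be pending.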

Since a malicious actor could bring their own SIM card and its corresponding PUK code, only physical access to the phone is required, he said. "The attacker could simply swap the SIM on the victim's device and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code," Schütz said.

Google can pay security researchers up to $100,000 for privately reporting bugs that allow someone to bypass the lock screen, since a successful exploit gives access to a device's data. Bug bounties are high in part to compete with companies such as Cellebrite and Grayshift, which rely on software vulnerabilities to build and sell phone-cracking tools to law enforcement. In this case, Google paid Schütz a smaller $70,000 bounty because his report was flagged as a duplicate, although Google had been unable to reproduce or fix the earlier report.

Google fixed the Android bug in a security update released on November 5, 2022 for devices running Android 10 to Android 13.
