You are in big trouble because of this dangerous Android bug! As you know, AOSP (Android Open Source Project) is base of today’s Android devices. And a very serious vulnerability has been detected in AOSP. Bug detected in screen lock allows you to unlock the device in seconds without password/pattern!
Google Pixel Lockscreen SIM Lock By-Pass
David Schütz reported this lockscreen unlocking bug to Android’s Vulnerability Rewards Program in middle of this year, the event resulted in a $70,000 bounty and was listed under a “System” issue with a “High” severity rating in the November security patch.This exploit was identified with CVE-2022-20465 code in Android Security Patch bulletin.
To explain this lockscreen by-pass; the device password is entered incorrectly 5 times, and SIM card inserted during the coutdown period. SIM code is entered wrong 3 times and blocked. After that, PUK code is entered and new SIM code is determined. Meanwhile device skip lockscreen password/pattern and opens suddenly. This mysterious but dangerous error bypasses all Android security. Below is exploit video tested with Pixel 6 device.
This bug only affects Google Pixel devices. Other OEM devices have been tried by us but result is negative. This situation is fixed on Pixel devices with 2022-11-05 Android Security Patch (e.g Pixel 7 Pro with Android 13 QPR1 Beta). But other Pixel devices aren’t so lucky, because November Android Security Patch is currently available for Pixel 4a and newer. For example, Pixel 4 (Android 13 with 2022-10-05 Android Security Patch) unfortunately has this vulnerability. So there is a big problem for EOL (end-of-life, no getting system/security update) Pixel devices.
How to Fix This Lockscreen Bug?
We recommend Google Pixel users to update their devices immediately, those using Pixel 4a and above should definitely update and install the November (2022-11-05) Android Security patch. However, Pixel 4 and lower series users don’t have a solution for now. They have no choice but to wait for a surprise hotfix update (or a Security Patch with Google Play System Update) from Google. Stay tuned for more.