This article summarizes the write-up by the researcher who discovered the Google Pixel lock screen bypass, reported through the Google Vulnerability Reward Program (Google VRP) and tracked as CVE-2022-20465. Before the story, a short explanation of what a lock screen bypass is.
What is Lock Screen Bypass Vulnerability?
A lock screen bypass vulnerability is a security flaw that lets an attacker get past a device's lock screen and reach the owner's data without knowing the password, PIN, or pattern. In the Google Pixel case described below, the bug let an attacker with physical access dismiss the lock screen, including the fingerprint and PIN prompts, on any locked Pixel device.
The Story of CVE-2022-20465
An accidental discovery by security researcher David Schütz, known online as xdavidhu, brought to light a severe vulnerability in Google's Pixel phones. The bug allows an attacker with physical access to bypass the lock screen, including fingerprint and PIN, on any locked Pixel device. Tracked as CVE-2022-20465 and affecting all Pixel phones, it was reported to Google by David, and a security update addressing it was released on November 5, 2022.
David stumbled upon the vulnerability when his Pixel 6 shut down while he was sending text messages. After booting it back up, he entered the wrong SIM PIN three times, which locked the SIM card and required the PUK code to unlock it.
Once he entered the PUK and chose a new SIM PIN, the phone showed a fingerprint icon on the lock screen instead of the usual lock icon. The device then accepted his fingerprint without asking for the passcode that is normally required after a reboot to decrypt the phone's user data.
Further investigation showed that an attacker with physical access needs only a SIM card whose PUK they know: insert it, enter a wrong SIM PIN three times to force the PUK prompt, enter the correct PUK and set a new PIN, and the lock screen is dismissed, granting full access to the victim's device. David also reproduced the bug on a Pixel 5, and because the flaw lives in Android itself rather than in Pixel-specific code, other Android vendors may be at risk as well.
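The failure the story describes is a lock screen that treats "the SIM PUK screen succeeded" as "the whole lock screen succeeded", so that an attacker-controlled SIM becomes a credential. The following Python model was added here by the editor to illustrate that failure class and one way to close it; it is a constructed toy, not AOSP's keyguard code and not the actual Android patch. The class and method names, the event ordering (the SIM-state change rebuilds the security view before the PUK screen's own dismiss callback runs), and the "unlocked since boot" flag standing in for Android's credential-encrypted storage are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum, auto


class Screen(Enum):
    SIM_PUK = auto()  # SIM is PUK-locked: the PUK prompt is shown first
    PIN = auto()      # device credential prompt
    NONE = auto()     # nothing left to show: keyguard is dismissed


@dataclass
class Keyguard:
    """Toy lock screen with two stacked security screens (constructed model, not AOSP)."""
    device_pin: str
    sim_puk: str
    # Has the owner unlocked with the PIN since boot?  Stands in for whether
    # credential-encrypted user data is already decrypted (assumption).
    unlocked_since_boot: bool
    # Hardening toggle: require dismiss() to name the screen it came from.
    check_expected_screen: bool
    sim_locked: bool = True
    locked: bool = True
    current: Screen = field(init=False, default=Screen.NONE)

    def __post_init__(self) -> None:
        self.current = self._screen_for_state()

    def _screen_for_state(self) -> Screen:
        """Which screen the keyguard must show given SIM and lock state."""
        if self.sim_locked:
            return Screen.SIM_PUK
        if self.locked:
            return Screen.PIN
        return Screen.NONE

    def on_sim_state_changed(self) -> None:
        """Telephony event: SIM is no longer locked, so rebuild the security view."""
        self.current = self._screen_for_state()

    def dismiss(self, expected: Screen) -> None:
        """A security screen reports that its own check passed.

        Vulnerable variant: taken to mean 'the current screen passed', whatever
        screen is current by now.  Hardened variant: a callback from a screen
        that is no longer showing is a stale event and is ignored.
        """
        if self.check_expected_screen and expected is not self.current:
            return
        self.locked = False
        self.current = Screen.NONE

    def enter_puk(self, puk: str) -> bool:
        """PUK entry; the SIM-state event is assumed to fire before dismiss()."""
        if self.current is not Screen.SIM_PUK or puk != self.sim_puk:
            return False
        self.sim_locked = False
        self.on_sim_state_changed()   # view is rebuilt to the PIN screen here
        self.dismiss(Screen.SIM_PUK)  # ...and only then does the PUK screen report success
        return True

    def enter_pin(self, pin: str) -> bool:
        if self.current is not Screen.PIN or pin != self.device_pin:
            return False
        self.unlocked_since_boot = True
        self.dismiss(Screen.PIN)
        return True

    def user_data_accessible(self) -> bool:
        """Keyguard gone AND user data already decrypted since boot."""
        return not self.locked and self.unlocked_since_boot


def puk_reset_attack(check_expected_screen: bool, unlocked_since_boot: bool) -> dict:
    """Attacker with physical access inserts a SIM whose PUK they know (constructed values)."""
    kg = Keyguard(device_pin="2580", sim_puk="12345678",
                  unlocked_since_boot=unlocked_since_boot,
                  check_expected_screen=check_expected_screen)
    kg.enter_puk("12345678")  # attacker never learns or enters the device PIN
    return {
        "keyguard_locked": kg.locked,
        "screen": kg.current,
        "user_data_accessible": kg.user_data_accessible(),
    }


if __name__ == "__main__":
    for hardened in (False, True):
        for warm in (False, True):
            print(f"hardened={hardened} unlocked_since_boot={warm}:",
                  puk_reset_attack(hardened, warm))
```

In the unhardened run on a device that was unlocked at some point since boot, the PUK reset alone drops the keyguard and user data is reachable; on a freshly booted device the keyguard is gone but the data is still encrypted, which matches the stuck state a fresh-boot bypass produces. With the expected-screen check, the stale dismiss from the PUK screen is ignored and the device stays on the PIN prompt. The general lesson for any stacked authentication UI is the same: a "step passed" callback must identify the step, and the controller must verify that step is still the one being waited on before granting access.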
The Report Marked as Duplicate
Before reporting, David checked the Android VRP reward table, which lists a maximum reward of $100,000 for a lock screen bypass affecting multiple or all Pixel devices. He believed the bug had a strong chance of earning the maximum, since it ticked every box. Instead, a month of silence followed the report, after which it emerged that his Pixel lock screen bypass report had been marked a duplicate of a previously reported issue.
The $70,000 Bounty
Once the fix had shipped, David published his write-up and the raw bug report on feed.bugs.xdavidhu.me. While relieved that the bug was fixed, he expressed concern over the potential impact of the vulnerability and the time it took to release a fix.
According to his account, the Android VRP team confirmed that the report was a duplicate, but acknowledged that it was his report that prompted them to start working on the fix. They therefore made an exception and awarded him $70,000 for the lock screen bypass.
This discovery underscores that even well-defended devices are not immune to vulnerabilities, and that promptly fixing reported bugs is what keeps them from being exploited by malicious actors.
How to Prevent Lock Screen Bypass Vulnerability?
To reduce the risk from lock screen bypass vulnerabilities, there are several best practices that users and developers can follow:
- Keep your device's operating system and applications up to date with the latest security patches. This is the one measure that actually closes a bug like CVE-2022-20465: until the November 2022 update is installed, anyone with physical access and a SIM card can exploit it.
- Use a strong password, PIN, or biometric authentication (such as facial recognition or fingerprint scanning) to secure your device so that a lost or stolen device cannot simply be opened. Note that a stronger credential does not help against a bypass that skips the credential check altogether, as this bug did.
- Avoid untrusted public Wi-Fi networks, which are vulnerable to eavesdropping and other attacks (general hygiene; this does not address a lock screen bypass itself).
- Use a reputable anti-malware product to scan your device for malware and other threats (general hygiene; this does not address a lock screen bypass itself).
- Enable two-factor authentication (2FA) on your accounts so that access to an unlocked device does not automatically mean access to every account on it.
- Be cautious when installing apps from third-party app stores or unknown sources, as they may contain malicious code that could exploit lock screen bypass vulnerabilities.
- Keep software up to date: developers should regularly check for security updates and patch any vulnerabilities that are discovered (developer side).
- Perform regular security audits: developers should audit their code regularly to identify potential vulnerabilities (developer side).
- Use secure coding practices: developers should follow secure coding practices, such as input validation and sanitization, to keep attackers from exploiting vulnerabilities (developer side).
- Test for vulnerabilities: developers should test their code using techniques such as penetration testing, fuzz testing, and code review (developer side).
By following these best practices, users can reduce the risk of lock screen bypass vulnerabilities on their devices and protect their sensitive information from unauthorized access.
Link to the full write-up: here