Android users have been urged to update their phones after experts discovered a bug in the Google Pixel

Android users have been urged to update their phones after an expert discovered a serious security flaw.

Cybersecurity expert David Schutz accidentally discovered a way to unlock his Google Pixel devices without knowing the passcode.

The security researcher explained on his blog that he accidentally ran into the problem when he forgot his phone’s PIN and had to use a PUK (Personal Unlocking Key) code to regain access. After completing the steps, Schutz noticed a security vulnerability.

“It was a fresh boot, and instead of the usual lock icon, a fingerprint icon appeared,” he wrote.

“It accepted my finger, and this should not happen, because after rebooting, you must enter the lock screen PIN or password at least once to decrypt the device.”

Schutz demonstrated the bug in a video posted to YouTube.

This means that if someone gains access to your phone, they can intentionally enter three incorrect fingerprint scans to temporarily disable biometric features.

A potential hacker can remove your SIM card and replace it with their own in your phone.

They can then enter the PIN incorrectly three times, after which they are asked for the PUK code of the SIM card, which is now their own SIM card.

After that, they enter the PUK code and can then reset the PIN.

“That was disturbingly strange,” Schutz said. “My hands started trembling at this point.”

The security researcher and bug bounty hunter tested the same steps on a Google Pixel 5 and got the same result.

The risk is high, but the attack can only be carried out by someone who physically has your phone.

According to Schutz, the unusual error involved swapping SIM cards.

The serendipitous discovery led Schütz to report the problem to Google, the owner of the operating system.

The tech giant pushed out an update to fix the issue, three months after Schutz notified the company.

Schutz claims that Google rewarded him with $70,000 for finding the bug.

“Although this bug started out as a not-so-great experience for me, the hacker, after I started ‘shouting’ loud enough, they noticed and really wanted to fix what went wrong,” he said.

“Ultimately, I think Google did well, although the fix timeline still seems long to me.”

The fix for the Android bug is included in the November 5, 2022 security update.
