4/1/2023 0 Comments Pixel tools hack![]() The bug was fixed on November 5, allowing Schütz to disclose his findings and a video demonstrating the flaw. Shortly after this, Google said that even though Schütz’s report was a duplicate, it had only started working on a fix because of his submission, so the firm had decided to pay him a $70,000 bounty for the lock screen bypass. Schütz reported the issue to Google and the tech giant processed and filed the bug promptly, but remediation took far longer.Īfter telling Schütz the issue was a duplicate, and therefore not normally eligible for a bug bounty, Google failed to act for some weeks, before repeated chasing by Schütz and a demo of the exploit to Google staffers at a Google-run bug hunter event called ESCAL8 in September prompted action. The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code.” “Since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation. Schütz realized the hack would be easily exploited by anyone, from spies to crooks and jealous spouses. The researcher realized that he had achieved a full lock screen bypass on the fully patched Pixel 6. On one occasion he forgot to reboot the phone, and just began from a normal unlocked state, locked the device, and hot-swapped the SIM tray, before carrying out the SIM PIN reset process.Īfter following this sequence before entering the PUK code and choosing a new PIN, Schütz was presented with his unlocked home screen. ![]() Schütz decided to investigate the issue over subsequent days. “It accepted my finger, which should not happen, since after a reboot, you must enter the lock screen PIN or password at least once to decrypt the device.”Īfter accepting his finger, the device crashed with a weird “Pixel is starting…” message, which Schütz addressed with a forced reboot. ![]() “It was a fresh boot, and instead of the usual lock icon, the fingerprint icon was showing,” Schütz recalled. After successfully completing the process, he noticed oddities in the lock screen he was confronted with. As explained in a blog post, Schütz came across the issue by chance when he forgot the PIN code of his Pixel phone and had to use the PUK code to regain access.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |