Have you ever suddenly forgotten a password that you had typed automatically hundreds of times?
One researcher ran into exactly this problem when his phone's battery was down to 1%. After a while the phone switched off, and after recharging it he wanted to unlock the SIM card with its PIN, but something did not work. So he looked up the PUK code, entered it, and the phone asked him to set a new PIN for the SIM card.
This does not look like an obvious security issue, but the researcher kept trying to work out the cause of the phone's strange behaviour. At one point he performed the following sequence:
- His phone was unlocked
- He locked it
- He pulled out the SIM card and inserted it again
- He started the procedure for changing the SIM card PIN (using the PUK)
- and suddenly, boom: the phone was unlocked!
The researcher commented it like this:
My hands started to shake at this point. WHAT THE F**K? IT UNLOCKED ITSELF (…) full lock screen bypass, on the fully patched Pixel 6. I got my old Pixel 5 and tried to reproduce the bug there as well. It worked too.
The vulnerability, tracked as CVE-2022-20465, was patched in the November Android security bulletin. Patches were prepared for Android 10, 11, 12, 12L and 13.
The whole process is shown in the researcher's video.
Recommendation (developers, QA engineers, PMs/DMs): update your Android OS on Pixel devices.