There’s A Way To Bypass Lock Screen On Android Phones.

Mar 7, 2024

On his fully patched Google Pixel 6 and Pixel 5 devices, cybersecurity researcher David Schütz accidentally discovered a way to get around the lock screen, making it possible for anybody with physical access to the device to unlock it. A simple five-step procedure that takes no more than a few minutes can be used to bypass the lock screen on Android phones.

Although Google patched the security flaw in the most recent Android update, which went live last week, it had been exploitable for at least six months.

Accidental Revelation

Schütz says he uncovered the problem by accident: after his Pixel 6 ran out of battery, he entered his PIN incorrectly three times and then unlocked the SIM card with its PUK (Personal Unblocking Key) code.

To his amazement, after unlocking the SIM and choosing a new PIN, the smartphone asked only for a fingerprint scan instead of the lock screen password.

Going directly to fingerprint unlock is out of the ordinary for Android smartphones, which for security reasons normally require the lock screen password or pattern after a reboot.

The researcher kept investigating and found that the bug could be reproduced without rebooting the device, and that the fingerprint prompt could be bypassed as well, as long as the owner had unlocked the device at least once since the last reboot.

This security flaw has a wide-ranging effect, affecting all Android devices running versions 10, 11, 12, and 13 that haven’t been patched to the November 2022 level. Physical access to the device is essential.

Simply by inserting their own SIM card into the target device, entering the incorrect PIN three times, and providing the matching PUK number, the attacker gains unrestricted access to the victim’s handset.

Google Patch

The keyguard is mistakenly dismissed after a SIM PUK unlock because of a problem in the dismiss calls that act on the stack of security screens running beneath the dialog.

When Schütz entered the correct PUK number, the “dismiss” function was invoked twice: once by the PUK component itself and once by a background component that tracks the SIM status.

This dismissed not only the PUK security screen but also the keyguard, the next security screen in the stack, and whichever screen was queued after it.

The user would go straight to the home screen if there was no additional security screen.

Google received the vulnerability report from Schütz in June 2022, and while they accepted it and gave it the CVE ID CVE-2022-20465, they didn’t make a patch available until November 7, 2022.

Google’s fix adds a new argument to every “dismiss” call that specifies which security method is being dismissed, so that each call dismisses only the matching category of security screen rather than simply the next one in the stack.
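To make the double-dismiss mechanism and the shape of the fix concrete, the following is an added, simplified model written for this article; it is not AOSP keyguard code, and the class names, the `SecurityMode` values and the `puk_unlock_flow` helper are assumptions chosen for illustration. It models the security screens as a stack, replays the two dismiss calls the article describes (one from the PUK component, one from the SIM-state observer), and contrasts an unqualified `dismiss()` with one that carries the mode of the screen the caller expects to dismiss.

```python
"""Simplified model of the keyguard security-screen stack behind CVE-2022-20465.

Constructed illustration, not AOSP code. Security screens are kept on a stack;
the last element is the one the user currently sees. A SIM PUK screen sits on
top of the regular keyguard (PIN) screen. After a correct PUK entry, two
components each call dismiss(). Before the patch the second call pops the
keyguard as well; after the patch a dismiss that names a screen which is not
on top is ignored.
"""
from enum import Enum, auto


class SecurityMode(Enum):
    SIM_PUK = auto()
    PIN = auto()
    NONE = auto()  # stack empty: device unlocked, user lands on the home screen


class VulnerableKeyguard:
    """Pre-patch behaviour: dismiss() pops whatever screen is on top."""

    def __init__(self, screens):
        self._stack = list(screens)  # bottom ... top

    def current(self):
        return self._stack[-1] if self._stack else SecurityMode.NONE

    def dismiss(self, expected=None):
        # BUG (modelled): the caller's hint is not consulted at all.
        if self._stack:
            self._stack.pop()
        return self.current()


class PatchedKeyguard(VulnerableKeyguard):
    """Post-patch behaviour as described in the article: every dismiss carries
    the security mode it intends to dismiss and only pops a matching screen."""

    def dismiss(self, expected=None):
        if self._stack and self._stack[-1] is expected:
            self._stack.pop()
        return self.current()


def puk_unlock_flow(keyguard):
    """Replay a correct PUK entry: the PUK screen asks to be dismissed, then the
    background SIM-state observer issues a second dismiss for the same screen.
    Returns the screen the user ends up on."""
    keyguard.dismiss(SecurityMode.SIM_PUK)  # 1. PUK component: "I'm done"
    keyguard.dismiss(SecurityMode.SIM_PUK)  # 2. SIM-state observer: same request
    return keyguard.current()


def vulnerable_result():
    # Constructed stack: PIN keyguard underneath, PUK prompt on top.
    return puk_unlock_flow(VulnerableKeyguard([SecurityMode.PIN, SecurityMode.SIM_PUK]))


def patched_result():
    return puk_unlock_flow(PatchedKeyguard([SecurityMode.PIN, SecurityMode.SIM_PUK]))


if __name__ == "__main__":
    print("unpatched:", vulnerable_result().name)  # NONE: straight to home screen
    print("patched:  ", patched_result().name)     # PIN: keyguard still in place
```

The second `dismiss` in the patched model is a no-op because the PIN screen, not the PUK screen, is on top; that is the whole effect of tying each dismiss to a specific security mode, and it is why a stale or duplicated dismiss from a background component can no longer unlock the device.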

Schütz’s report was ultimately a duplicate, but Google made an exception and paid the researcher $70,000 for his discovery.

Applying the November 7, 2022 security update fixes this bug for users of Android 10, 11, 12, and 13.