Discovery of vulnerability in Pixel smartphones earns 'bug bounty hunter' $70,000

 

The discovery of a vulnerability in Google Pixel smartphones earned Hungarian David Schütz $70,000. It found a way to bypass the lock screen of Android devices.

Although David is commercially a "bug bounty hunter", he discovered this vulnerability by accident after forgetting his SIM card's PIN. After entering the PUK code, he noticed that his phone was unlocked without asking for a preset PIN/password.

Further investigation showed that only biometric security still works after entering the PUK code and that if 'disabled' beforehand (using false fingerprints several times), the phone will be unlocked immediately after entering that PUK code.

Permission required to view YouTube

This place contains external content from YouTube. Viewing this content may cause YouTube to place cookies on your computer or other device. To do this, you must first grant explicit permission.

Thus, a malicious person can unlock your phone by changing the SIM card, entering some wrong codes and then entering the correct PUK code.

David reported the issue to Google, and after months of waiting, uncertainty about a possible bounty, and even some threats about David revealing the vulnerability, the workaround was finally patched in Android's security update (CVE-2022-20465). moon.

The fact that the patch is included in the general Android update and therefore not released separately for Pixel devices alone may mean that the vulnerability is also present on other Android devices that have not yet been updated. In any case, David is rewarded with $70,000 for his efforts.

Source: David Schutz's Blog

Source: Hardware Info

Comments

Post a Comment

Popular posts from this blog

New chipsets from MediaTek with up to 100% better CPU performance for low-end Chromebooks

Image
 MediaTek has released two new chipsets for Chromebooks: Kompanio 520 and Kompanio 528. These are designed for low-end Chromebooks, but are a big upgrade over the previous Kompanio 500 series: up to 100% more CPU performance, 20% more CPU performance. More than 1,000 improvements in GPU performance and better efficiency for longer battery life. The Kompanio 520 consists of two Arm Cortex-A76 (2 GHz) and six Cortex-A55 (2 GHz) cores with Arm Mali G52 GPU. It looks like the Kompanio 528 is a slightly overclocked version, clocked at 2.2 GHz for the two A76 cores. Chromebook with Kompanio 500 series chipset from Lenovo. Resolutions up to 2520 x 1080 (60 Hz) for the internal display and up to 1920 x 1080 (60 Hz) for the external monitor are supported. In addition, webcams of up to 32 megapixels (with full HD recording up to 60 fps) and WiFi 6 are supported. MediaTek didn't stand still last week: In addition to these Chromebook chips, a Pentonic 1000 chipset for 4k smart TVs was launched
Read more