
Google Pixel lock screen bypass vulnerability | CVE-2022-20465 | tCc.



OVERVIEW

A recently discovered login bypass vulnerability in the Google Pixel 6a allows an attacker to bypass the lock screen authentication and gain complete access to the user’s device.

A security researcher named David Schutz discovered the Google Pixel authentication problem, which has been reported as CVE-2022-20465.


The Android Security Bulletin classifies CVE-2022-20465 as high severity; it results in privilege escalation.


Techniques Involved

  1. SIM-swap lock screen bypass


SIM PIN

A SIM PIN is generally used to protect your SIM card from unauthorized usage.

It locks the SIM card with a PIN (personal identification number): every time the user restarts the device or removes the SIM card, the SIM card automatically locks and requires a key to unlock it.



How to Set a SIM PIN

SIM PIN is a default feature on every Android/Apple device. It can be configured by following the steps below:

Settings → Biometrics and security → Other security settings → SIM card lock


Working of SIM-swap lock screen bypass

SIM-swap lock screen bypass is a technique used to bypass the SIM PIN authentication by swapping in a new SIM and entering a PUK code to unlock the SIM PIN.

As per CVE-2022-20465, the attacker can successfully bypass the login authentication with a simple SIM-swap lock screen bypass technique:

  1. The attacker removes the existing SIM from the mobile device and inserts a new attacker SIM

  2. A SIM PIN screen is now prompted

  3. After 3 failed SIM PIN attempts, a PUK ID is required to unlock the SIM PIN

  4. Enter the PUK ID of the SIM and set the new SIM PIN

  5. The account authentication is automatically bypassed

Note: The PUK (Personal Unblocking Key) code consists of 8 digits. It is used to unblock your SIM card when you have entered a wrong PIN code 3 times.



The lock screen PIN or password must be entered at least once after each restart of an Android device in order to unlock it. Nevertheless, a bug causes the account to unlock immediately after the new SIM PIN is entered, without prompting for any PIN or password.
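The behaviour described above can be captured as a small state model that doubles as a regression check: the home screen must never be reachable after a restart unless the device PIN or password has been accepted. This is an added example, not Android's code or the researcher's; every class and method name in it is hypothetical, and it models only the observable behaviour stated on this page.

```python
# Simplified state model of the behaviour described above. It is NOT Android
# keyguard code; every name here is hypothetical.
from enum import Enum, auto

class Screen(Enum):
    SIM_PIN = auto()
    SIM_PUK = auto()
    DEVICE_CREDENTIAL = auto()  # lock screen PIN or password
    HOME = auto()

class Keyguard:
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.credential_ok = False   # device PIN/password entered since restart
        self.dismissed = False       # lock screen dismissed
        self.sim_locked = False
        self.sim_pin_failures = 0

    def insert_locked_sim(self):
        self.sim_locked, self.sim_pin_failures = True, 0

    def wrong_sim_pin(self):
        self.sim_pin_failures += 1

    def puk_accepted(self):
        """The SIM accepted its PUK and a new SIM PIN was set."""
        self.sim_locked = False
        if self.hardened:
            # Clearing the SIM gate says nothing about the device credential.
            self.dismissed = self.credential_ok
        else:
            # Modelled flaw: finishing the SIM flow dismisses the whole lock screen.
            self.dismissed = True

    def device_credential_accepted(self):
        self.credential_ok = self.dismissed = True

    def screen(self) -> Screen:
        if self.sim_locked:
            return Screen.SIM_PUK if self.sim_pin_failures >= 3 else Screen.SIM_PIN
        return Screen.HOME if self.dismissed else Screen.DEVICE_CREDENTIAL

def replay_reported_steps(hardened: bool) -> Screen:
    """Replay the SIM-swap steps on a freshly restarted device; return the final screen."""
    kg = Keyguard(hardened)
    kg.insert_locked_sim()
    for _ in range(3):
        kg.wrong_sim_pin()
    kg.puk_accepted()
    return kg.screen()

if __name__ == "__main__":
    print("unpatched model:", replay_reported_steps(False).name)
    print("hardened model: ", replay_reported_steps(True).name)
```

In the hardened model the SIM flow and the device credential are independent gates, so completing the PUK step lands on the device PIN/password prompt instead of the home screen.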


Mitigation: This specific vulnerability can be mitigated by a recent security patch released in November.

