Security Researcher, David Schütz, found a way to bypass the Google Pixel lock screen.
The researcher was able to use their own sim card to bypass the lock screen. Once they inserted their own pin-locked sim card, they were able to bypass the lock screen using their pin and gain access to the phone. Nothing other than physical access was required for exploitation. The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock.
Google awarded them $70,000 for finding the bug. Google has since fixed the issue (tracked at CVE-2022-20465) with a November update.
What is a bug bounty?
A bug bounty is a deal offered by many organizations, that promises recognition and compensation to individuals who find and report bugs, especially those pertaining to security vulnerabilities. Depending on the severity
These deals allow companies to make changes to their software/systems before the general public is aware of them. This also helps companies defend themselves against malicious hackers.
Organizations that have a bug bounty program:
- United States Department of Defense