David Schütz, a bug hunter, discovered a clever way to unlock any Google Pixel phone without a passcode — and the vulnerability may affect swaths of other Android phones as well.
According to a post on Schütz’s blog, the vulnerability is exploited by using another SIM card. First, a hacker with physical access to the phone would input three incorrect fingerprint scans, causing biometrics to be disabled.
From there, a hacker would remove the original SIM card and replace it with their own. They would then input the wrong PIN to unlock the foreign SIM.
This causes the phone to instead ask for the SIM’s PUK code, or Personal Unlocking Key, which the hacker would know since they’ve placed in their own SIM. When that’s inputted, the phone inexplicably unlocks to the home screen.
And this was no fluke: Schütz says he was able to replicate this multiple times, both on a fully updated Pixel 6 and an older Pixel 5.
“My hands started to shake at this point,” Schütz said in the post. “‘What the f**k? It unlocked itself?'”
- Android phone owner accidentally finds a way to bypass lock screen BleepingComputer
- Researcher stumbles across a dangerous Android flaw that bypasses the lock screen PhoneArena
- Guy Discovers a Way to Unlock Any Pixel Phone Without the Passcode Futurism
- One-minute hack allowed lock screen bypass on Android, current Pixels are safe Android Police
- Major Pixel security bug finally fixed by Google with November patch PhoneArena
- View Full Coverage on Google News