Google Pays $70k for Android Lock Screen Bypass

Google recently handed out a $70,000 bug bounty reward for an Android vulnerability leading to lock screen bypass, security researcher David Schutz says.


Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes.


The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism, which requires the user to enter a PUK code.


In this scenario, an attacker with physical access to a locked device would hot-swap the SIM card with one they own, then enter the wrong personal identification number (PIN) three times to trigger the PIN reset process, which prompts for the SIM’s 8-digit personal unlocking key (PUK) code. Because the inserted SIM card is the attacker’s own, the attacker already knows its PUK code.


Once the attacker enters the PUK code, they are provided with full access to the device, without being prompted to provide the phone’s PIN, a password, or an unlocking pattern.


The vulnerability, a lock screen bypass due to an error in the “dismiss and related functions of KeyguardHostViewController.java and related files”, impacts devices running Android 10, 11, 12, and 13. Google describes the issue as an elevation of privilege bug.


The underlying issue, Schutz says, is a race condition vulnerability in a .dismiss() function called after the PUK code has been entered. The function is meant to dismiss the current security screen, which should have been the PUK prom ..
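To make the failure mode concrete, the following is a simplified model added here, not code from AOSP or from Schutz’s write-up. It keeps the security screens on a stack and assumes, as the text implies, that by the time the PUK handler calls dismiss() the PUK prompt is no longer the screen on top; the names `KeyguardModel`, `dismissCurrent`, `dismissExpected` and `pukPromptRemovedBySimState` are illustrative. The unsafe dismiss removes whatever screen is current, while the checked variant refuses when the current screen is not the one the caller just satisfied, which is the kind of guard that turns a mis-timed dismiss into a logged no-op instead of an unlock.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified keyguard model (illustrative; not AOSP code).
public class KeyguardModel {
    enum SecurityScreen { PIN, PUK }
    // Top of the stack is the screen currently shown; empty means unlocked.
    private final Deque<SecurityScreen> screens = new ArrayDeque<>();

    KeyguardModel() {
        screens.push(SecurityScreen.PIN); // the user's own lock screen
        screens.push(SecurityScreen.PUK); // shown on top while the SIM is blocked
    }

    // Assumed race: a SIM-state update removes the PUK prompt before the
    // PUK entry handler gets to call dismiss().
    void pukPromptRemovedBySimState() { screens.remove(SecurityScreen.PUK); }

    // Unsafe: dismisses whatever screen happens to be current.
    boolean dismissCurrent() {
        if (screens.isEmpty()) return false;
        screens.pop();
        return true;
    }

    // Safer: dismiss only the screen the caller actually satisfied.
    boolean dismissExpected(SecurityScreen expected) {
        if (screens.peek() != expected) {
            System.out.println("refusing dismiss: current=" + screens.peek() + ", expected=" + expected);
            return false;
        }
        screens.pop();
        return true;
    }

    boolean isUnlocked() { return screens.isEmpty(); }

    public static void main(String[] args) {
        KeyguardModel unsafe = new KeyguardModel();
        unsafe.pukPromptRemovedBySimState();
        unsafe.dismissCurrent();                  // PIN screen popped instead: unlocked
        System.out.println("unsafe unlocked=" + unsafe.isUnlocked());

        KeyguardModel safe = new KeyguardModel();
        safe.pukPromptRemovedBySimState();
        safe.dismissExpected(SecurityScreen.PUK); // PUK prompt gone, dismiss refused: still locked
        System.out.println("safe unlocked=" + safe.isUnlocked());
    }
}
```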
