If you haven’t yet updated your Google Pixel with the November security patch, you had better not hand your smartphone to anyone: a simple SIM card can unlock your phone. Here’s the improbable story of this extreme vulnerability, thankfully now fixed.
A simple SIM card: until the latest November security patch, that was all a bad actor needed to access the data stored on your Google Pixel.
David Schutz (via Gismosina), a developer specializing in computer security and bug research, discovered the vulnerability.
How does this bug work?
The idea is simple: insert a SIM card into the Pixel, then enter three incorrect PIN codes. The Pixel then asks for the SIM card’s PUK code. Once you enter it, you just need to create a new PIN code; the phone doesn’t even ask for the device password before granting access.
Here’s the full process on video:
YouTube link
David Schutz briefly explains the cause of this bug on his blog. Android seems to have a concept of a “security screen”, which can be a number of different things: a lock screen with a PIN code, a screen asking for a fingerprint, or a screen asking for a PUK code.
According to the bug hunter’s description, some screens take priority over others. Once the PUK code was entered, the system sent a command to disable the lower-priority screens. Google engineers seem to have reworked the system to prevent this kind of error from happening again.
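The behaviour described above can be shown with a small model. This is an added example, not Android's code or Google's fix: the `Keyguard` class, the screen priorities and the `dismiss_scoped` hardening are all assumptions made for illustration.

```python
from enum import IntEnum

class Screen(IntEnum):
    # Constructed priorities for this model: higher value is shown first.
    DEVICE_LOCK = 1   # PIN, password or fingerprint for the device
    SIM_PIN = 2
    SIM_PUK = 3

class Keyguard:
    """Toy model of stacked security screens (hypothetical, not Android code)."""

    def __init__(self, pending):
        self.pending = set(pending)

    def current(self):
        # The highest-priority pending screen is the one the user sees.
        return max(self.pending) if self.pending else None

    def unlocked(self):
        return not self.pending

    def dismiss_flawed(self, solved):
        # Flaw as the article describes it: solving one screen also
        # disables every lower-priority screen, device lock included.
        self.pending = {s for s in self.pending if s > solved}

    def dismiss_scoped(self, solved):
        # Hardened variant (assumption): a solved challenge clears only
        # its own screen, and only if that screen is the one on display.
        if solved != self.current():
            raise PermissionError(f"{solved.name} is not the active screen")
        self.pending.discard(solved)

def after_puk(dismiss_name):
    """Locked phone whose swapped-in SIM reached the PUK prompt."""
    kg = Keyguard({Screen.DEVICE_LOCK, Screen.SIM_PUK})
    getattr(kg, dismiss_name)(Screen.SIM_PUK)
    return kg

if __name__ == "__main__":
    for name in ("dismiss_flawed", "dismiss_scoped"):
        kg = after_puk(name)
        print(name, "unlocked:", kg.unlocked(), "now showing:", kg.current())
```

With the scoped variant, solving the PUK challenge leaves the device lock screen pending, so SIM credentials never stand in for device credentials.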
Months of waiting
Because the fix was applied to the AOSP versions of Android 10, 11, 12, 12L and 13, the bug may affect a large number of devices. If you’re a Pixel owner (Pixel 4A or newer), you can now update your device with the November security patch to avoid this vulnerability.
Bug hunting can pay off: Google still awarded the developer $70,000 for warning the Mountain View company of a “very serious system problem”.