Google Pixel phones were recently updated with a fix for a security flaw that allowed users to bypass the lock screen, after it was reported by a security researcher. Earlier this week, the company announced that it had begun rolling out the November Android update globally to Pixel smartphones running on Android 13. The update will be made available gradually to Pixel users over the course of the week. Next few weeks. In addition to providing bug fixes and improvements, this update also includes the November 2022 Android security patch, which includes a fix that addresses a security issue that allowed people to bypass the lock screen with SIM.
Security researcher David Schütz discovered a security vulnerability, tracked as CVE-2022-20465 in the November 2022 Android security patch update. It allows attackers with physical access to Pixel smartphones to bypass lock screen security measures such as fingerprint, PIN and pattern.
Schütz proved the error above Pixel 6, allowing people to bypass biometrics by swapping SIM cards and entering the wrong SIM PIN three times. The device will then ask for a Personal Unlock Key (PUK) code.
Enter the correct PUK code, the phone will ask for a new PIN for that SIM card. The phone will then unlock and bring the user to the home screen with full access to the device.
Schütz reported this bug to Google through the Android Vulnerability Rewards Program. After several months of waiting, he was rewarded with $70,000 (about Rs 56,57,000) for discovering a security flaw. It now is [listed] in the November security patch is a high-severity system issue. It has also been included in the Android Open Source Project (AOSP) versions of Android 10, 11, 12, 12L, and 13.
As mentioned earlier, Google has started rolled out the November 13, 2022 Android update, including the November 2022 Android security patch, for Pixel 4a and newer devices. You can check this update by visiting Setting > System > System update on eligible Pixel smartphones.