Security Researcher Earned $70K Bounty For Reporting Lock Screen Bypass Vulnerability in Pixel phones

A security researcher earned a $70K bug bounty from Google for reporting a lock-screen bypass vulnerability in Google Pixel phones. Google fixed the issue (tracked as CVE-2022-20465) with a November update, so we now know how he could bypass the lock screen of Pixel smartphones without knowing the PIN.

David Schütz, a security researcher from Hungary, published a blog post with all the details. To bypass the lock screen of a Pixel phone, one only needed a PIN-locked SIM card and the SIM’s PUK code: swap the SIM into the victim’s device and go through the SIM PIN reset process.

Schütz reported the issue to Android’s Vulnerability Rewards Program in the hope of receiving the bounty. He was initially told that the vulnerability was a duplicate because someone else had already reported it. He was disappointed because this vulnerability could have earned him $100k.

Two months after his initial report, he noticed that Google had yet to patch the vulnerability. In September, he attended ESCAL8 in London, Google’s bug hunter event, where several Google employees were also present. He approached some of the Google people and then demonstrated the vulnerability inside Google’s office.

Later, he also had a few calls with multiple people in which he again explained the whole issue. A few days later, he received another email that brought good news: even though his report was a duplicate, it was his report that forced Google to start working on the fix. So Google decided to reward him with $70,000 for the lock screen bypass.

The bug was fixed on November 5, so Schütz has finally disclosed his findings.

Deepanker Verma

About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds an Engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a known Security Researcher acknowledged by global giants including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.
