Android user stumbles upon big Pixel security flaw — update now to fix this bug

Android Phone Fingerprint Sensor
(Image credit: Getty Images / Wang Yukun)

Last week, security and bug expect David Schütz stumbled upon an alarming security flaw that affects Google Pixel phones, which allowed anyone with physical access to a phone to bypass the lock screen and gain access to the user's device — without needing a passcode.

As Schütz notes in his blog (via BleepingComputer), the cybersecurity researcher accidentally found the bug when trying to unlock his Pixel 6. After entering the wrong PIN three times, the SIM card locked, which he then recovered using the Personal Unblocking Key (PUK) code.

When unlocking the SIM and setting a new PIN, the Pixel simply showed the fingerprint icon without asking for a lock screen PIN or password. This isn't normal for Android phones, as they always ask for a passcode when rebooting to prevent attackers from accessing the phone.

After further investigation, Schütz discovered that he could bypass the lock screen and access the device, even without a fingerprint. This means that attackers that have access to the device, such as threat actors who steal phones, could use their own SIM card, put in a wrong PIN code three times, use a PUK number, and then access the device without even needing a fingerprint or PIN code.

The researcher demonstrates the process below:

Download Google's November 2022 security update

Schütz reached out to Google to patch the security flaw, which has now been fixed in the November 5 Google security update. It's worth noting that he reported the bug back in June, meaning the flaw has been around for a few months.

It's a good idea to update your Android device, with the report noting that it could affect all Pixel devices, including the Pixel 7 and Pixel 7 Pro, along with Android phones running version 10 and later. To do this, head to Settings > Security > Security update > Check for update.

For more on the security flaw, check out the full blog post. We've seen a few security issues lately, including this malicious Chrome extension can track your keystrokes. To make sure you're protected, check out the best antivirus apps

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.