Google has paid out $70,000 to a security researcher for privately reporting an “accidental” security bug that allowed anyone to unlock Google Pixel phones without knowing its passcode.
The lock screen bypass bug, tracked as CVE-2022-20465, is described as a local escalation of privilege bug because it allows someone, with the device in their hand, to access the device’s data without having to enter the lock screen’s passcode.
Hungary-based researcher David Schütz said the bug was remarkably simple to exploit but took Google about five months to fix.
Schütz discovered anyone with physical access to a Google Pixel phone could swap in their own SIM card and enter its preset recovery code to bypass the Android’s operating system’s lock screen protections. In a blog post about the bug, publis …
