According to security researcher David Schutz, Google recently paid out a USD 70,000 bug bounty reward for an Android vulnerability that allowed lock screen bypass.
The security flaw, identified as CVE-2022-20465, was patched as part of the November 2022 Android updates and could have given an attacker with physical access to a device the ability to unlock it in a matter of minutes. Schutz unintentionally came across the bug, which could enable an attacker to unlock an Android phone by activating the SIM PIN reset feature, a flow that asks the user to enter a PUK code.
A bug in the “dismiss and related functions of KeyguardHostViewController.java and related files” makes it possible to bypass the lock screen on devices running Android versions 10, 11, 12, and 13. Google refers to the problem as an elevation of privilege bug.