Submitted by redhatGizmo t3_yu1aeg in technology
Comments
twitterfluechtling t1_iw74t7q wrote
What about encrypted devices? I expect Android can't unlock the storage without the security code, so it should be logically impossible to dismiss that dialog and still start the device?
Lance-Harper t1_iw75jzo wrote
That's conspiracy whilst google patched it last week.
If the gov REALLY wants something from you, there are many many other ways than asking a tech giant to manufacture a front door (because that's not a back door), and making it look like a bug, only temporary.
random125184 t1_iw77gsu wrote
Reported in June. Not fixed until November. Holy shit. This is huge. Why is no one else talking about this?
ListRepresentative32 t1_iw79osw wrote
Yes, the bypass doesn't work after a fresh reboot. On a device that was at least once unlocked after boot, it works no problem.
MindStalker t1_iw7d29x wrote
It looks like you don't need to shut down the device. So if it's already on when stolen you're screwed.
masterhogbographer t1_iw7df4k wrote
Because it isn't apple.
And I say that with zero intention on trying to start a flame war.
I say that because due to various reasons whenever apple has a flaw like this everyone knows about it very quickly after reported. And by everyone, I mean everyone.
There was a hands on device vulnerability in iOS last year or the year before, that my wife asked me about wondering if she needed to upgrade iOS asap. She is not tech savvy and I'm the only one in her life that is.
The inverse is, when there's a similar exploit for non-apple devices, even people in the field can miss it. A friend of mine is a decent techie. Works in IT, and one of their specialities at the company he works for is security.
But the last few vulns for android that have popped up, I've been the one notifying him — he an android user and apple hater, me somewhat agnostic — of those vulnerabilities. Meanwhile, he texts me the instant there's public word of an iOS or MacOS exploit lmao (not even joking, his hatred is not healthy imo, but I guess tribalism is society these days…)
The sad part is, if this was apple, after just an hour this post would be front page back in June. And then there would be reposts of the same blog articles across dozens of subs that also would have been top of their sub with hundreds of comments and every month since June there'd have been more articles bubbling to the top with titles like "how hasn't apple fixed this yet?" Or "Tim cook should resign in face of deflategate" wait that's another thing entirely
WexfordHo t1_iw7ft1f wrote
As if 20 minutes with a rubber hose wouldn't get the same results and more, for less money and exposure.
erosram t1_iw7g4ju wrote
Seems like a major oversight on Android's part. And now on the media's part.
GrossCreep t1_iw7g6dr wrote
Or a pitcher of water and a towel
RejZoR t1_iw7h9hz wrote
Thing with iPhones is, you know if you're affected or not. I've recently returned to Android and I have no clue if my Poco is affected or not. And knowing Xiaomi, it's either not affected because it's so modified or it is affected and won't be fixed even months after Google fixes it in AOSP repository.
Translationerr0r t1_iw7hb3t wrote
I hope you all noticed the "started from an unlocked state"-statement.
Translationerr0r t1_iw7hnvf wrote
The article mentions you either run into the fingerprint unlock screen (when starting from a locked screen or after restart) OR you start from an unlocked screen (which makes the hack just a waste of time as it's already unlocked).
Translationerr0r t1_iw7hunl wrote
That's not how I read this: they started from an unlocked state to get past the fingerprint unlock screen. Did I miss something?
gizamo t1_iw7igdp wrote
...except the patch is already available for all Android devices running Android 10+, which includes all Pixel 4 devices.
[deleted] t1_iw7kf63 wrote
[deleted]
simianire t1_iw7lwoz wrote
No-Mission-962 t1_iw7n1oi wrote
Lol, it's not as big as people are making it out to be. Basically the person needs to know the SIM card unlock code and even after that the device will ask for a fingerprint.
the-samizdat t1_iw7nw28 wrote
What is an "attacker controlled sim"?
BasementDweller3000 t1_iw7o4l4 wrote
My Apple Watch can unlock my iPhone. Last week as I was putting on my Watch, I had my iPhone nearby and it unlocked my iPhone before I had a chance to unlock my Watch first.
Edit: Never mind. I was mistaken. See below.
hildebrot t1_iw7oa9y wrote
Right, so for anyone who didn't read the article:
- The only way to get inside the phone was either with a correct fingerprint OR if he started in UNLOCKED STATE. Meaning that this was all useless because why would you do all that if you already have access?
- This was only possible on two Pixel phones, not Android as a whole. Kind of stupid to write a title like that.
hildebrot t1_iw7om64 wrote
And it was only reproduced on two Pixel models, not Android as a whole as the title might mislead people to believe.
XkF21WNJ t1_iw7onb3 wrote
A sim the attacker knows the PUK code of.
Stingray88 t1_iw7p372 wrote
That's not true, that's not how it works at all.
Apple Watch can only unlock your phone if it is already unlocked. And it only tries to unlock your phone after it fails to unlock via FaceID because you're wearing a mask or something.
BasementDweller3000 t1_iw7ph2w wrote
I know that's how it's supposed to work, but I saw it unlock my iPhone with the Watch not even being on my wrist yet.
Edit: Never mind. I was mistaken. After trying to replicate it a few times, it seems that what actually happened is I had my iPhone in front of me, my face unlocked the iPhone and then my iPhone unlocked my Watch the moment I got it in my wrist. I misread the notification telling me that my iPhone unlocked my Watch as if it were saying my Watch unlocked my iPhone.
synackk t1_iw7przs wrote
- Unlocked state here means at some point the phone has been unlocked at least once for the encryption. If someone stole your phone after you've used it once, they'd be able to bypass the unlock screen.
- That's just what the discoverer of the exploit was able to test it on. There have been other reports it's worked on non-pixel phones or custom android distributions.
Informal-Lead-4324 t1_iw7qhp6 wrote
Why is Apple so good?
I'm saying this as someone who thoroughly enjoyed the iPhone 3, 3g, and iPhone 4.
[deleted] t1_iw7rzkr wrote
Informal-Lead-4324 t1_iw7tfv8 wrote
What software is better on it?
And wym implementation
The only time I've dealt with Apple support, it's been the phone (battery) breaking and them telling me to buy a new device lol. Fortunately they got sued for it I think
Trev82usa t1_iw7upix wrote
Which has also been patched already
[deleted] t1_iw7w044 wrote
hildebrot t1_iw7w5jb wrote
>Unlocked state here means at some point the phone has been unlocked at least once for the encryption
That is not what the article says.
[deleted] t1_iw7xfww wrote
[removed]
bengringo2 t1_iw7ycli wrote
I don't understand it for the life of me. When I don't use a company's product I simply don't think about them. I think some people just bask in schadenfreude as a hobby.
Hewhoisnottobenamed t1_iw810fv wrote
Hey Now! We can't have people choosing not to upgrade their perfectly functional old phones to the newest and most expensive ones.
prs1 t1_iw816rl wrote
They start from a locked state in the video.
dingo1018 t1_iw845ue wrote
Still bagged the guy 70 large in reward money from Google, not a bad days work at all. Did I read that right 70 grand???
Complainer_Official t1_iw84x81 wrote
The new software is too demanding for old hardware.
Although, it seems like it would add a few jobs to the economy if Google had a division for keeping their old code up to snuff.
Or even allow open-source devs to do it. That would be cool too.
Hilppari t1_iw85j6h wrote
It's a lot more than two Pixel models. Other brands are affected. I've tested on a Zenfone 9 and even LineageOS, with the latest updates. Older phones that don't have any more updates are also affected.
[deleted] t1_iw85n72 wrote
[deleted]
[deleted] t1_iw85oux wrote
[deleted]
Hilppari t1_iw85pc6 wrote
For example, a 3-dollar prepaid SIM card.
[deleted] t1_iw85vkx wrote
[deleted]
Eskimoobob t1_iw87d55 wrote
Plenty of people are, you might just not roll with the cybersecurity crowds.
Eskimoobob t1_iw87num wrote
Uh, not to deflate you, but my work is predominantly Apple and that is what I monitor for security flaws, but I utilize Android devices personally.
I naturally come across research for apple devices but we have no Android for our MDM so it isn't pertinent to our mission.
synackk t1_iw88blr wrote
That came from the original source: https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
> As I did before, I entered the PUK code and choose a new PIN. This time the phone glitched, and I was on my personal home screen. What? It was locked before, right? This was disturbingly weird. I did it again. Lock the phone, re-insert the SIM tray, reset the PIN… And again I am on the home screen. WHAT? My hands started to shake at this point. WHAT THE F**K? IT UNLOCKED ITSELF?
Article could be wrong or wording it poorly
FlaringAfro t1_iw88x6e wrote
Not fair. That wasn't in the first paragraph.
[deleted] t1_iw89i14 wrote
[removed]
KiraUsagi t1_iw8e27q wrote
The attacker controlled SIM is just there to show how an attacker would get in. You could do it with the SIM that was already in there but you need to know what the PUK code is. This is how the researcher originally discovered the flaw.
[deleted] t1_iw8fac3 wrote
[removed]
Filthy_Firestarter t1_iw8fth1 wrote
Especially when Google loves to slam others for vulnerabilities. Don't they just post the exploit if it isn't fixed in 2 or 3 months? God forbid when they have an issue though.
JazzioDadio t1_iw8gadf wrote
It's nitpicky but for the sake of accuracy it should be said that Google's Pixel phones have held the crown of best camera processing software for some time now.
With Apple's new(ish) custom silicon I'd agree that their implementation of certain features is still top notch, but they'll have to work to keep that lead.
RejZoR t1_iw8gm8y wrote
Just out of curiosity if anything has improved. It mostly hasn't. Have plans to buy Galaxy S23 if it'll be any good, but couldn't wait for that long.
JazzioDadio t1_iw8go28 wrote
dictionary.com
JazzioDadio t1_iw8gvs3 wrote
That's an awfully convenient excuse. I'm sure if they wanted to they'd find a way to get new security updates on much older hardware, but they won't do that because then no one would abandon their otherwise perfectly functioning phones. And I say this as a lifelong pixel user.
Torifyme12 t1_iw8h0jp wrote
They knocked that shit off quick when MSFT formed the "Fuck Google" research group.
Now they're (surprisingly /s) more flexible.
omniuni t1_iw8idl6 wrote
This is also an incredibly specific use case. You need to have the phone configured with a PIN locked SIM.
Zingo_sodapop t1_iw8ipvi wrote
How about android 9 or 8?
terraherts t1_iw8m8dn wrote
Completely disagree on software.
Speaking as someone who owns an Android phone (Pixel), an iPad, a Windows PC, a macbook pro, and uses Linux for work, so I use a bit of everything.
They get a lot of low-level software stuff right, certainly, especially for a company that's making a lot of bespoke proprietary hardware. But their frontend and first party stuff is... not great.
iOS's notification system is still leagues behind Android, and I find the less I use Apple's first party software on macOS the better. "Ecosystem integrations" like sidecar are so unreliable that I've given up trying to use them, Stage Manager are really half-baked (iOS) or seem to duplicate existing features (macOS), etc. Settings and breadcrumbs on iOS are still a headache. iTunes is somehow still one of the worst interfaces I've ever used, people just don't notice as much because it's rarely needed anymore. Finder is still my least favorite default file manager across any desktop OS. Files on iOS only recently became what I'd consider non-alpha quality.
Main reason I have the macbook pro (M1) and iPad is the hardware. Apple's made some flubs on hardware too of course (most of the MBPs from 2016 up until the new M1's for example), but a lot of their more recent stuff is very solid on that front.
[deleted] t1_iw8nb5w wrote
[removed]
TheElusiveFox t1_iw8nz2s wrote
By Android phone owner, they mean Security researcher, and by accidentally, they mean this convoluted 5 step process...
I'm not saying it isn't terrible that you could bypass the lock screen, but let's not pretend that someone just accidentally swiped diagonally or something and the phone opened.
OneAd3613 t1_iw8qmik wrote
Test it?
RipThrotes t1_iw8rit5 wrote
There is a way to bypass the lock screen while starting my Samsung Galaxy s10e.
When you boot up, it has to load all settings or something like that, and at the right point in boot up it will allow you to navigate the phone before everything has loaded.
It may push you to the lock screen once that has configured, I don't do it often, but it may be a legitimate variation of this "news" story.
killerjerick t1_iw8s1zm wrote
I hope you notice that you're completely incorrect.
killerjerick t1_iw8s6ln wrote
Classic that the top level comment and its most upvoted reply are completely false if you bother to read the article in its entirety, or you know, watch the video included…
davidemo89 t1_iw9168r wrote
You were screwed. They fixed it.
[deleted] t1_iw9a6cr wrote
[deleted]
sleepybrett t1_iw9dxhc wrote
Backport the patch to the old versions of the OS. Apple has done this in the past when faced with similar issues.
steak4take t1_iw9gxrc wrote
Bleepingcomputer misrepresenting information to sell ad Clicks? That's unpossible!
skunksmasher t1_iw9izp9 wrote
Sweet Potato ?
9-11GaveMe5G t1_iw9jinr wrote
If you read the full writeup by the guy who found it, he starts from a fresh, locked, encrypted reboot. You could hand your phone off to me and I could do it.
nyaaaa t1_iw9ke2w wrote
Nah, more likely the testers didn't bother with the PUK because they forgot that still exists.
Macluawn t1_iw9p8dy wrote
When a phone is rebooted, a password must be entered before touch id or face id will work.
In this context, "unlocked" doesn't mean you start from the home screen - it means the password was entered at some point since the phone was last booted up and is now in an unlocked state where touch/face id can be used.
Starr-Duke t1_iw9qr2k wrote
Can bypass my fingerprint scanner on my note 10 by turning on the screen and tapping the fingerprint sensor with anything while shutting the screen off at the same time. Works 1/10 or so times
Myte342 t1_iw9w066 wrote
Hurray the English language! In this instance 'by accident' would mean the person was not actively TRYING to find a way to bypass the lock screen, rather that he happened across it while doing something else. They did not use the term 'accident' to imply the guy dropped his phone and it unlocked. That the entire process involves a few steps does not invalidate that it was discovered 'by accident'.
Example: Post-It Note glue and WD-40 were so totally the intended results and not 'discovered by accident' while trying to create a completely different chemical than what resulted in their experiments so we should just ignore those inventions entirely and downplay their significance cause the inventor didn't just combine two chemicals together and snap his fingers to make something appear but because they both involve a complicated process of multiple steps they couldn't possibly have been discovered by accident.
joeg26reddit t1_iwa9so6 wrote
"when he tried reproducing the flaw without rebooting the device and starting from an unlocked state"
I found a way to by pass the lock screen
Step 1 ) Start from an unlocked state...
deserteagle_007 t1_iwahxf5 wrote
For anyone running Security patch November release. So most phones are still vulnerable besides Pixels
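A check that follows from the patch-level discussion in this thread, added here as an example and not taken from any comment or from the researcher's write-up: a POSIX shell function that compares the security patch level a device reports against a fix threshold. The `ro.build.version.security_patch` system property is a real Android property; the threshold `2022-11-05` is an assumption standing in for "the November 2022 patch" the thread refers to, and the sample values at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Compares an Android security patch
# level (YYYY-MM-DD, as reported by the device) against a fix threshold.
# The threshold 2022-11-05 is an ASSUMPTION for "the November 2022 patch".
FIX_LEVEL="${FIX_LEVEL:-2022-11-05}"

# Turn YYYY-MM-DD into the integer YYYYMMDD so the POSIX test builtin can
# compare it numerically. Prints nothing and returns 1 on malformed input
# (for example the empty string a device that reports no level gives back).
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/-//g'
}

# patch_level_fixed LEVEL [THRESHOLD]
# Returns 0 when LEVEL is at or after THRESHOLD (defaults to FIX_LEVEL),
# 1 when it is older, and 2 when LEVEL is not a parseable patch level.
patch_level_fixed() {
    have=$(level_to_int "$1") || return 2
    want=$(level_to_int "${2:-$FIX_LEVEL}") || return 2
    [ "$have" -ge "$want" ]
}

# Human-readable verdict for one level string. The && / || form keeps a
# non-zero status from patch_level_fixed from tripping set -e in callers.
describe_level() {
    patch_level_fixed "$1" "$2" && rc=0 || rc=$?
    case "$rc" in
        0) echo "patched ($1 >= ${2:-$FIX_LEVEL})" ;;
        1) echo "VULNERABLE ($1 < ${2:-$FIX_LEVEL})" ;;
        *) echo "unknown (could not parse '$1')" ;;
    esac
}

# Live use on a USB-attached device (needs adb; the property name is real,
# the tr strips the CR that adb shell appends on some setups):
#   describe_level "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
#
# Constructed sample values, standing in for what a few devices might report:
for sample in 2022-11-05 2022-12-01 2022-10-05 2021-08-01 ""; do
    describe_level "$sample"
done
```

The comparison is purely lexical on the patch-level date, which is how Android orders these levels; it says nothing about whether a particular OEM actually shipped the relevant fix under that level, so treat a "patched" verdict as necessary rather than sufficient.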
Dominicus1165 t1_iwamryl wrote
That's why a video is embedded into the article.
The phone was unlocked. It is locked now and not restarted.
Fingerprint is disabled by failing too often.
SmegmaSmeller t1_iwamsll wrote
You're likely screwed at least for a while. Running android 11 and have no updates and no recent updates
Alberiman t1_iwanpc8 wrote
Everything's coming up Millhouse!
[deleted] t1_iwaoaid wrote
[removed]
Translationerr0r t1_iwaoczk wrote
Got it, thanks for clarifying.
RejZoR t1_iwb3rpz wrote
Turns out I'd need another SIM to test it and I don't have one. Annoying.
aredna t1_iwb86ee wrote
According to his blog it also works after a reboot and that's how he found it. He later found the reboot wasn't necessary. This made it more dangerous because you need less time to get in.
ll-0000-ll t1_iwbcnat wrote
The software is better because it's much more optimized. iPhones have longer battery life than Androids while having a smaller battery. How? Software. This is just an example.
pickled-egg t1_iwbh9y8 wrote
No, that isn't how it works.
Watch the video, it has been demonstrated.
ZZ3xhZz t1_iwbkkpx wrote
"Android phone owner accidentally" Vs. "Cybersecurity researcher"
That's a very deceptive headline - the first one implies an everyday joe, and the second one implies a highly specialized expert in the field.
You also need access to the PUK, not something you'd have easy access to unless you already have nefarious ways to access that from the service provider.
This only applies to 2 specific models of phones - the 1000s of other android devices are not affected.
OneAd3613 t1_iwbt73i wrote
Use your current sim.
ListRepresentative32 t1_iwbw4cy wrote
Depends on what exactly works. The lock screen dismiss works every time, that's true. But it's of any use only if the device was previously unlocked with PIN/password after boot. Otherwise the phone is still encrypted and bypassing the screen is useless (you can't access any user data).
RejZoR t1_iwcm86n wrote
How, when you're supposed to swap it out with a different one?
[deleted] t1_iwcnufd wrote
[removed]
[deleted] t1_iw74gyl wrote
[removed]