A bug hunter named David Schütz uncovered an ingenious way to unlock any Google Pixel phone without a passcode, according to his blog post. Unfortunately, the vulnerability may impact a large number of other Android phones as well.
The technique is shockingly simple, requiring only physical access to a vulnerable phone and an extra PIN-locked SIM card. All that is required is to insert the additional SIM card, enter an incorrect SIM code three times, and then enter the PUK code. With those simple steps, the lock screen is gone.
In the video below, David demonstrates the whole process:
This was not a coincidental occurrence. Schütz says he reproduced the same behaviour on an upgraded Pixel 6 and an older Pixel 5.
“My hands started to shake at this point,” Schütz said in the post. “‘What the f**k? It unlocked itself?’”
Schütz immediately reported the vulnerability to Google. The company replied by email that the issue had already been reported and that he would not receive any prize money. Their response was unfavourable, given that his discovery is what compelled them to resolve the defect.
After a security update in September, Schütz attempted to test the issue but received no response from Google.
After discovering the problem, Schütz personally demonstrated it to Google developers, and that eventually piqued their interest.
Finally, his dedication paid off with a $70,000 reward and a fix that is now included in Google’s source code.