Google recently rolled out the November security patch for Android, and if you own a Pixel, you should download the update as soon as humanly possible. The patch contains a bug fix for a security vulnerability that could allow attackers to bypass the lock screen and gain full access to Pixel phones using nothing more than a SIM card.
In a lengthy blog post, bug hunter David Schütz explains how he discovered the bug in the first place. After accidentally uncovering unexpected behavior when booting up his Pixel 6 after it died, Schütz decided to investigate further.
He found that by swapping out the Pixel’s SIM tray, resetting the SIM card’s PIN, and failing to input the correct PIN number three times, he was able to unlock the Pixel 6 by entering a Personal Unlocking Key (PUK) and choosing a new PIN.
If you want to see what the process looks like in action, check out this video:
Google finally patched a dangerous Pixel bug
He reported the bug to Google back in June, and after plenty of back and forth, the Android team finally got around to fixing it this month.
The fact that a threat actor would need physical access to a device in order to unlock it might explain why it wasn’t high on Google’s priority list.
That said, the fact that Google knew how easy it would be for any hacker to unlock a Pixel for this long and took ages to do anything about it is rather concerning. Schütz believes that this bug likely affected every Pixel device, including the new Pixel 7 and Pixel 7 Pro, and possibly other Android devices as well. But it should be patched now.
If you haven’t already, be sure to download the November security patch ASAP. You can start the process by going to Settings > Security > Security update > Check for update on your Android device. Even if you don’t own a Pixel, better to be safe than sorry.
More coverage: Did we already see the first Google Pixel 8 leaks?