A security researcher accidentally discovered a way to bypass the lock screen on Android. Google paid him $70,000 for reporting the issue.
David Schütz describes on his blog how it is relatively easy to bypass the lock screen. The big ‘but’ is that you need physical access to the device for a few minutes.
Schütz locked himself out of his own device by entering the wrong SIM PIN too many times, after which the SIM demanded its PUK code. After entering the PUK, he noticed that the phone let him straight in with only the fingerprint scanner, even though after a reboot Android normally insists on the PIN, pattern or password before it will accept a biometric.
The fingerprint step also turned out to be circumventable. Present a wrong finger often enough and the fingerprint prompt is no longer shown afterwards. In principle the lock screen still has to be passed, but because it never appears, the device is immediately accessible.
Schütz was able to reproduce the problem on both a Pixel 6 and a Pixel 5, each fully patched and up to date. He reported the issue to Google in June 2022, and Google fixed it in the November 2022 security update. He received a $70,000 bug bounty for the report.