Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully upgraded Google Pixel 6 and Pixel 5 smartphones, allowing anyone with physical access to the device to unlock it. Exploiting the vulnerability to bypass the lock screen on Android phones is a simple five-step process that would take no more than a few minutes.

Last week, Google fixed the security issue in the latest Android update, but a loophole that allowed the lock screen of some devices remained available for exploitation for at least six months. Researcher David Schütz says he discovered the glitch by accident after his Pixel 6 ran out of battery, entered its PIN wrong three times, and retrieved the locked SIM card using the PUK (Personal Unblocking Key) code. To your surprise, after unlocking the SIM and selecting a new PIN, the device did not ask for the lock screen password, but only a fingerprint verification. The researcher continued testing, and when he tried to reproduce the glitch without restarting the device and starting from an unlocked state, he found that it was also possible to bypass the fingerprint prompt by going straight to the home screen.

The impact of this security vulnerability is quite broad, affecting all devices running Android versions 10, 11, 12, and 13 that have not been updated to the November 2022 patch new. The attacker can simply use their own SIM card on the target device, disable biometric authentication (if blocked), enter the wrong PIN three times, provide the PUK number, and access the victim's device without restrictions.