A major exploit in Google Pixel smartphones has just been revealed, allowing an attacker to unlock and access your smartphone by switching out the SIM card.

The issue has been discovered by David Schütz (CVE-2022-20465) who says an “attacker with physical access [can] bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device.” The issue has been fixed in the November security patch for Pixel devices. Read below to find out how the exploit works.

We can see a locked smartphone with biometrics deactivated after numerous unsuccessful attempts in the demonstration video above. After changing the SIM, you will be prompted to “Enter SIM PIN.” After three incorrect PIN attempts, users are prompted to enter the PUK code, which you should know because it’s your SIM card.

When you enter a new PIN number for that SIM card after successfully entering the previous one, the phone will unlock to your home screen and give you full access.

Schütz explains that since the attacker could just bring his/her own PIN-locked SIM card, nothing other than physical access was required for exploitation. The attacker could just swap the SIM in the victim’s device, and perform the exploit with a SIM card that had a PIN lock and for which the attacker knew the correct PUK code.

Google did not address the Pixel lockscreen issue until September after Schütz reported the unlock bug to Android’s Vulnerability Rewards Program in the middle of this year (after some in-person prompting). A $70,000 reward was given for solving it, and it is classified as a “System” issue with “High” severity in the November security patch. The fix has been rolled out to Android 10, 11, 12, 12L, and 13 AOSP versions. The November security patch is currently available for the Pixel 4a and newer. So if you have a Pixel device with this patch available, we advise you to update ASAP.

RELATED:

• Apple iPhone 14 series suffers from a SIM bug, but a fix is on its way
• Google One VPN service now available for Mac and Windows users
• Google Pixel 8 and 8 Pro are codenamed Shiba and Husky; powered by Tensor G3 SoC

(Via: 9to5Google)

The post Major Pixel Bug Allows Anyone To Unlock Your Phone Using Sim Card, Update Immediately appeared first on Gizmochina.

Apple recently launched its first chipset under Apple Silicon — M1 and the company have already started transitioning from the Intel-based chips to its own ARM-based processors. While the user’s response has been pretty good, we keep hearing about issues facing the new M1-powered devices as time goes by.

In the latest development, security researchers have discovered a first browser side-channel attack that is JavaScript-free and it appears that the new Apple M1 chips may be vulnerable to the attack.

Researchers at Cornell University started with the goal of exploring the effectiveness of disabling or restricting JavaScript for mitigating attacks. During the research, they created a new side-channel proof of concept in CSS and HTML which could open the door to “microarchitectural website fingerprinting attacks.” It works even if script execution is completely blocked on a browser.

The vulnerability allows attackers to eavesdrop on a user’s web activity by leveraging features in the target’s packet sequence. Not only can it bypass JavaScript but it also disregards privacy technologies like VPNs or TOR.

The team tested the attack on Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 chips and while almost all CPU architectures are susceptible to the attack, the researchers claim that Apple M1 and Samsung Exynos chips are more vulnerable to their exploits.

This is the second vulnerability found to affect Apple M1 chip that has surfaced in recent weeks. Last month, researchers discovered a mysterious malware strain called Silver Sparrow that had the ability to run natively on Mac devices with M1 chips.

RELATED: 

• Qualcomm working on next-gen Snapdragon 8cx chipset to take on Apple M1
• Apple M1-based 2020 MacBook Air refurbished models listed on China Apple store
• Apple officially announces it has commenced iPhone 12 assembly in India

The post Apple M1 chip found to be vulnerable to browser-based side-channel attack appeared first on Gizmochina.

For the past few years, Apple started included the Secure Enclave chip on its devices as a way to encrypt and secure user data stored on the device. Now, a new exploit has allegedly been found for the chip, putting data of millions of users at risk.

As per the reports, Chinese hackers from the Pangu Team have found an “unpatchable” exploit on the Apple Secure Enclave chip that could break the encryption of the private keys stored on the device.

This is claimed to be unpatchable because the vulnerability is related to the hardware and not software, so there’s nothing Apple can do to fix this issue for the devices that have already been shipped. This also means that hackers need to have physical access to the device in order to do obtain data.

While there are no exact details available about the exploit, but the devices at risk include all the devices running Apple A7 chipset to A11 Bionic chip.

The Team Pangu has found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. https://t.co/9oJYu3k8M4

— Jin Wook Kim (@wugeej) July 29, 2020

EDITOR’S PICK: Apple vendor is reportedly planning to shift iPhone production from China to India

Following devices come packed with Secure Enclave chip:

• iPhone 5s and later
• iPad (5th gen) and later
• iPad Air (1st gen) and later
• iPad mini 2 and later
• iPad Pro
• Mac computers with the T1 or T2 chip
• Apple TV HD (4th gen) and later
• Apple Watch Series 1 and later
• HomePod

For those who are unaware, Secure Enclave is a security-related co-processor that Apple includes in almost all of its devices now as a way of providing an extra layer of security for the user data stored locally on the device.

The data on the device is encrypted with random private keys, which can only be accessed by the Secure Enclave. These keys are unique to the device and are never synchronized with iCloud. The chip also stores keys for passwords, the credit card for Apple Pay, and even biometric data for Touch ID and Face ID.

UP NEXT: Mobile gaming revenue surges 27 percent in Q2 2020; generates $19.3 billion

The post Apple Secure Enclave chip found to have ‘unpatchable’ exploit appeared first on Gizmochina.