Thank you so much for sharing our ‘Paloma’ shirt design with your viewers. It means the world to me and the family.🙏🏼
A thing that is missed a lot in the reporting about the AOSP bug is that it *results* in an invalid system state. So if your phone isn't decrypted (i.e. cold boot) it will hang on "Starting Android..." as the lockscreen has been dismissed, and this needs to be complete to decrypt the phone. Similar happens whilst the system is decrypted as whilst you can dismiss the lock screen there will be issues with opening apps and accessing data and the phone isn't *actually* unlocked, rather the lockscreen is simply dismissed.
We Love YOU Shannon!!!
So it affects Android 10 to 13, but what about LineageOS, CalyxOS, GrapheneOS, or Brax OS running on a Pixel? These are all based on Android, but might not have quite the same functionality.
Great video Snubs, Happy Birthweek
Thank you for the updates on threeth wire
As a yoga owner this was panicking, gotta update ASAP.
Imagine that still a lot of the PCs out there do not use UEFI boot sequence, so any unsigned code can be run during boot, still they are working fine...
I heard the SIM attack could work on other devices as well. Is this just a Pixel exploit?
@@octopusdreams It seems as though you are likely fine if you got the November update. This exploit has got me considering an alternative ROM since my phone likely just got its last security update a couple months ago.
@@octopusdreams Yeah... Graphene is more heavily modded than most security wise. I hear this researcher was the second to report this bug to Google. Unlikely as it may be it's possible Graphene was the first. 🤣
Lenovo with UEFI threats......yeah I am sure that was not intentional. Anyone who cares about security should avoid Lenovo IMO.
Using Graphene OS on my Google Pixel 4A. Hopefully this lock screen exploit doesn't exist, or is exceptionally hard to achieve using this operating system. Either way I assume it will be patched fast. Thank you guys for reporting this stuff.
Video said patch was already released earlier this month (November 2022).
Has anyone tried this on other android phones?
Its funny you coverage bug that fix?!
Would be great if I could just disable the garbage fingerprint reader on my own Pixel 6.
The real question is the government going to hodl or sell the bitcoin
4:33 Google awarded him the bounty AFTER they first tried to avoid paying him by saying it was a duplicate bug; they claimed they already knew about it TWO MONTHS earlier (and hadn't fixed it). 😒
My Pixel is up to date, but I'm curious if the issue is affected by using an eSIM.
well considering you have to hotswap the sim to perform the attack....
@@CyberVeggie That's what I assumed, but I don't like to assume things.
Of course I have the Y700....
If the internet ACTUALLY starts a fight. I'll eat my hat.
I don’t get why it’s so dumbed down
@Hak5/@threatwire. you should react to the recent NPS (a school district) ransomware infection. 🤔
3:01 yes human engineering. thats how it works. still they not think it can use wrong
Pixel unlock never been more easy 🤣🤣🤣
@Evenstar The issue was with the AOSP, however some vendors use the SIM unlock utilities provided by modem vendors like Qualcomm or MediaTek which don't have these issues.
Yeeaaaaahhhh I'm just about tired of Lenovo.
Lol tyyy
Time stamp 0:03 big jiggles
3:30 lul everyone can do that
Wish someone would find one of those passcode bypasses for Apple devices. Millions of perfectly working Apple devices go to the shredder every year because you can't default them without the passcode. I have 13 iPads that are in perfect shape but don't have the passcode. Left at hotels. Nobody called to retrieve them, can't look up who they are. All it would take is setting up a theft alert app for Apple devices. It would let you post if it's stolen, given away or sold and delist it from your Apple account. Then build a machine that defaults Apple devices so all data gone and passcode reset. Place it in stores or approved shops for people to use with a small fee. If it's reported stolen the machine swallows and locks the device inside for Apple to retrieve and return to the owner or police. What if someone forgets their passcode? It's garbage just the same. I came up with a way that in the end pays for itself in small fees. I'm not the uni grad here, Apple techs are. Why don't they do this? Because they want their used items scrapped. Sick of Apple's rampant greenwashing lies. It's so much worse for fixing Apple devices. One small part that is 10 cents for 20 is dead but the whole thing gets scrapped. Can't get the part or the password bricks the device. Disgusting.
Were the devices left to charge? You'd think people would use "Find my phone". Maybe they had "Find My" disabled? I think 90% or more people have it enabled. I think it's either on by default, or prompts the user to enable it.
Sony Xperia FTW
Legal drugs is cool though.
Lenovo is 8 years too late
is the government going to give back that stolen bitcoin to the victims? no? will they at least use the money on public spending?
It was probably their money to begin with
@@_BangDroid_ doesn't matter, they have the guns. if they say it's theirs, it probably is....
Lenovo is a joke.
I'm the first to watch and like 😂!
For second place, I think the prize should be some of that "worthless" BTC the feds seized.
I don't like this woman
😇😇