Samsung’s security patches usually come with dozens of fixes to vulnerabilities concerning Google’s Android OS and Samsung’s own software, whether it’s One UI or other components that are unique to Galaxy devices. Interestingly enough, the November 2022 security patch has addressed an Android OS security flaw that has plagued Google’s Pixel phones for a few good months. But although this fix was mentioned in Samsung’s November bulletin, Galaxy device users need not worry about it.
The vulnerability, labeled CVE-2022-20465, allowed anyone with an extra SIM card to bypass the lock screen of a Pixel 5 or Pixel 6 (at least) and unlock these phones. Indeed, it was a full-fledged lock screen bypass that didn’t require any external tools (aside from a regular SIM) or advanced hacking skills.
As demonstrated by the Pixel owner who found the issue in the video below, anyone with an extra SIM could have unlocked a Pixel phone just by hot-swapping the card, entering the wrong PIN three times, inserting the correct PUK, and then setting up a new PIN.
This lock screen bypass seemingly was never an issue for Galaxy phones
Although this massive security flaw appears to have existed for months before Google addressed it on Pixel phones with the November 2022 patch, it seemingly was never a problem for Galaxy phones. Yes, Samsung lists the vulnerability in the November 2022 bulletin, but even before this fix was released, Galaxy phones were seemingly safe from this egregious lock screen bypass flaw.
Android open-source commits show that the problem was deeply rooted in Android OS and the way the operating system deals with so-called “security screens,” whether they’re PIN entry screens, password screens, fingerprint screens, and so on. This appears to be the reason why it took Google a few good months to address the issue for Pixel phones, but it also shows that, sometimes, Samsung’s phones are more secure than Google’s devices, thanks to the Korean tech giant’s own Android skin and proprietary software.
On the bright side, Samsung devices appear to be safer than Pixels, at the very least in this one instance. Then again, finding this flaw led to a $70,000 reward for the person who helped Google. Had he used a Galaxy device, he probably would’ve remained unaware of the security flaw and never got that $70,000 reward.
In any case, if you want to be completely sure that your Galaxy device can’t be as easily unlocked through this exploit, you should download and install the November 2022 security patch on your Samsung phone as soon as it is available. So far, it rolled out for several devices, including the Galaxy Z Fold 3 and 4, the Galaxy Z Flip 3 and 4, and the US-unlocked Galaxy Note 20 series, with more to come.