Mobile lockscreen issues have been rampant of late. Earlier this month a Samsung Galaxy S III flaw surfaced, and just this week Apple issued iOS 6.1.3 to fix a lockscreen issue on Apple devices.
Today, researcher Terence Eden used his blog to showcase a newly discovered security flaw in Samsung Android phones that allows users to completely bypass the lockscreen and access any app, regardless of whether the device is securely locked with a pattern, PIN, password, or even face detection.
How the Exploit Works
The exploit is executed by using the emergency call function, dialing a non-existent emergency service number and then pressing the green dial icon. Doing this will produce an error message, but if you ignore that and press the back button the phone’s home screen becomes visible just long enough to interact with an app, a widget, the settings menu, or the phone dialer. In Google Play, you can search for and download apps that will disable the screen lock.
The exploit appears to occur only on Samsung’s version of Android. According to Eden: “[It] does not occur on stock Android from Google. This flaw only seems to be present on Samsung’s version of Android. I have only tested it on a Galaxy Note II running 4.1.2. I believe it should work on Samsung Galaxy S III. It may work on other devices from Samsung.”
Eden also noted that the new exploit “doesn’t rely quite so heavily on ultra-precise timing” as the exploit against the Samsung S III uncovered earlier.
How to Defend against the Exploit
Upon discovering the exploit, Eden contacted Samsung back in February. The company said it would patch the issue. However, until then, the best way to defend against this security problem is to completely remove Samsung’s firmware and replace it with a third-party ROM.
According to YouTube user “bicecream88,” there is also another way to reduce the effectiveness of this exploit: users can disable their screen animations. The flaw will still exist, but the time the home screen stays visible is greatly reduced, making the exploit far more difficult to carry out.