Bug allows complete lock screen bypass on Samsung Galaxy S III

Bug allows complete lock screen bypass on Samsung Galaxy S III

Summary: Following a brief lock screen bypass that had 'limited scope', another Samsung owner has found that the lock screen on Galaxy S III handsets can be bypassed completely.


Following claims that the lock screen in the Galaxy Note II can be briefly bypassed, another Samsung owner has stepped up to claim that the bug goes much farther, and can allow full access to the device.

In a separate post on the Full Disclosure mailing list, Sean McMillian posted a variation on the method that the original discoverer of the bug, Terence Eden, had used to briefly access the home screen on his Galaxy Note II.

Instead of launching an application on the home screen, McMillian wrote that if an attacker locks the screen and then unlocks it again, the bug would allow full access to the phone.

McMillian also tested the device on three separate Galaxy S III devices, highlighting that the issue is likely more related to Samsung's software, rather than a widespread Android issue.

ZDNet was able to confirm the complete bypass on an S3 running Android 4.1.2, although the timing to replicate the issue is very small and difficult to replicate at first. Once bypassed, the bug appears to persist, even when the phone's screen is turned back off, no longer challenging the user for their PIN, password, or pattern.

ZDNet's tests on a Galaxy Note II running Android 4.1.1 confirmed the earlier brief bypass, but we could not replicate the complete bypass bug on this device.

Samsung has still not returned ZDNet's earlier requests to comment.

Eden also previously claimed to have contacted several Samsung relationship mangers and emailed the company directly, but after not hearing anything back for five days, he decided to release the information publicly.

For those wanting to verify whether their own devices are vulnerable, McMillian's instructions are as follows:

  1. On the code entry screen, press Emergency Call

  2. Press Emergency Contacts

  3. Press the Home button once

  4. Just after pressing the Home button, press the power button quickly

  5. If successful, pressing the power button again will bring you to the S3's home screen.

The flaw comes shortly after it was revealed that the lock screen in iOS 6.1 can be completely bypassed, again using the emergency call feature.

Topics: Security, Mobility, Samsung

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • See

    Now this is like the iPhone hack... The Note 2 Hack wasn't the same.
    • Except this gives full access.

      The iPhone bug was still limited on what was available.

      Likewise, it will take months to get a fix rolled out.
  • Confirm it works

    crap, I can conform that it works. just did it on my SGIII
  • Doen't work on CyanogenMod

    The moral of the story is to root and mod.
  • AT&T Galaxy S3

    On step 5 it should be if successful, pressing the home button again will bring you to the S3's home screen. I followed the steps as were and could make it happen but change step 5 and it stays until a restart.
    Jason Goodson
  • whoops

    Laughing out loud.. :D
  • copycats

    Wow, those copycats are too good!! They are apple to copy even the bugs from Apple :)
  • Opps

    So much for any companies that bought into all the SAFE propaganda.

    Company CIO - "We're dumping Blackberry and their security as Samsung can equal all that with SAFE!"

    Company Risk Officer - "ZDNet just published a how to bypass any security we enforce"


    It's comical how people dismiss a proven security solutions for hip commercials. Maybe they'll stop putting money in banks next!
  • Trivial workaround

    And here's the trivial workaround: set the option that kicks in the lockscreen when you hit the power button?

    How do I know this? It's because that's how I had my S3 set up. I couldn't reproduce it because in the last key of the sequence, it powers off my screen and when I turn it back on, it shows the lockscreen.... :-)
  • forgot screen lock password

    Here's an article about "how to backup iPhone if you forgot screen lock password".