New Samsung flaw allows 'total bypass' of Android lock screen
Summary: Another day, another lock screen flaw. Some Samsung devices running Android 4.1.2 can allow a 'total bypass' of the device's lock screen.
Another security flaw has been discovered on some Samsung phones that allows complete access to a device.
Terence Eden, the mobile enthusiast who discovered the previous flaw, warns that this new bug could allow users to bypass the lock screen entirely through the use of third-party apps.
This affects pattern unlocks, PIN code screens, and face detection security.
The flaw was tested on a Samsung Galaxy Note II running Android 4.1.2 as before — but it does not appear to exist on stock Android from Google, suggesting this is limited to Samsung phones only. This flaw may exist in other Android phones, notably Samsung devices, and users and IT managers alike should test their devices immediately.
The method involves many of the same steps as before and requires direct access to the device. It may also require repeating some steps, so this is by no means an easy way to gain unauthorized access to a Samsung device.
From the lock screen, an attacker can enter a fake emergency number to call, which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disable the lock screen altogether.
From there, the device is left wide open. Here's the video:
Eden said that he disclosed this to Samsung in late February, but unlike last time, the Korean giant responded. A software fix to this lock screen bypass will be "released shortly," according to Eden.
It comes only a few weeks after a similar flaw was discovered in the lock screen of Apple's iPhone in iOS 6.1. This was fixed on March 19, more than a month after it was first discovered. Samsung did not fix the original lock screen bug, leaving millions of devices potentially at risk from privacy invasion. More worryingly, now a similar flaw can open up the device completely.
For now, only a third-party ROM can prevent such attacks. According to Eden, one software ROM designed for the Galaxy S III claims to have fixed the problem.

Talkback
Crazy...
However...
1) This exploit was facilitated enormously by having the Play Store icon on the device home screen. I wonder if it would have been possible if the Play Store had been removed from the Home Screen and was only available through the Apps Screen.
2) The hacker doesn't appear to have had to search for the screen unlocker app, meaning it was a cached result from an earlier search of the Play store (?). So this exploit would be much more difficult if the hacker didn't have access to the phone in an unlocked state to begin with.
So yeah, it's a security exploit, but I wonder how much of a security risk it is in real world terms.
It still works.
I'm the author of the video.
1) Yes, it would. You can use this exploit to open the app drawer and swipe. It's easier if it's on the front screen - sure - but still works if it isn't there.
2) I used "voice search". If you scroll to 1m03s you'll hear me say I'm using voice search, the phone makes a beeping sound, and I say "no lock".
Thanks
Terence
Ah...
So yeah, coupled with the fact that most email clients don't prod you for credentials on your phone, this could really make it a nightmare to lose your phone.
This can be mitigated substantially by...
It is not working on Galaxy SIII
I really appreciate your video, it was really interesting. I tried to do the same on my Galaxy SIII but in vain. When I clicked the back button I did not have even 0.01s to see anything of my home screen or anything else than the lock screen. Maybe it depends on the speed of the device? I tried to switch on the power saving mode, but I had the same experience. Perhaps I missed something? I think it is a very important thing that you pointed out, but if this affects only low-end or middle level products then I think business level customers could sleep better. Any suggestion to test? I would like to be sure my phone is not affected.
this is the fun with the open source
re-read
Android, iOS, Java, all browsers (incl. sandbox), ...
No, not all
relax iboy
Or just need help........
hhaha...get SJVN
This is silly
device, they can take it apart. Well duh... They could also pull out your sim card, and
your SD card, and grab stuff, they could also toss the whole thing in the toilet.
How about this ... don't let strangers have physical access to your phone, your wallet,
your house... duh... :-)
least of your worries
Common sense here, people...
What are you all keeping on your phone that you're so afraid of people hacking into (dic pics?)?
Who gives a rat's ars what you have on YOUR phone?
Your WALLET is insecure, someone could simply open it up and take what they want...let's all insist on locks for our wallets?
Even your keys are more of a security risk and desired item than your silly little cell phones.
Most of us probably don't even lock our phones, leaving them so that all you need to access is to move the puzzle piece into its slot...
WHO CARES?
...here's the common sense in it. It can mean your career, or many people's.
No security if people have direct access
The Slow Death Spiral of Samsung
Once again..
But . . .