New Samsung flaw allows 'total bypass' of Android lock screen


Summary: Another day, another lock screen flaw. Some Samsung devices running Android 4.1.2 can allow a 'total bypass' of the device's lock screen.


Another security flaw has been discovered on some Samsung phones that allows complete access to a device. 

Discovered by the same mobile enthusiast as the previous flaw, Terence Eden warns that this new bug could allow users to bypass the lock screen entirely through the use of third-party apps.

This affects pattern unlocks, PIN code screens, and face detection security.

The flaw was tested on a Samsung Galaxy Note II running Android 4.1.2, as before, but it does not appear to exist on stock Android from Google, suggesting it is limited to Samsung phones. The flaw may exist in other Android phones, notably Samsung devices, and users and IT managers alike should test their devices immediately.

The method involves many of the same steps as before and requires direct access to the device. It may also include repeating some steps, so this is by no means an easy way to gain unauthorized access to a Samsung device.

From the lock screen, an attacker can enter a fake emergency number to call, which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disable the lock screen altogether.

From there, the device is left wide open. Here's the video: 

Eden said that he disclosed this to Samsung in late February, but unlike last time, the Korean giant responded. A software fix to this lock screen bypass will be "released shortly," according to Eden. 

It comes only a few weeks after a similar flaw was discovered in the lock screen of Apple's iPhone in iOS 6.1. This was fixed on March 19, more than a month after it was first discovered. Samsung did not fix the original lock screen bug, leaving millions of devices potentially at risk from privacy invasion. More worryingly, now a similar flaw can open up the device completely.

For now, only a third-party ROM can prevent such attacks. According to Eden, one software ROM designed for the Galaxy S III claims to have fixed the problem.

Topics: Security, Android, Samsung


Talkback

31 comments
  • Crazy...

    OK, this is crazy. Why the emergency call feature gives even brief, momentary access to the phone in an unlocked state is nuts. It should open up a separate, sandboxed phone environment and that's all. Major security flaw to be sure.
    dsf3g
    • However...

      Watching the video a second time, it seems that one should add a couple of caveats:

      1) This exploit was facilitated enormously by having the Play Store icon on the device home screen. I wonder if it would have been possible if the Play Store had been removed from the Home Screen and was only available through the Apps Screen.

      2) The hacker doesn't appear to have had to search for the screen unlocker app, meaning it was a cached result from an earlier search of the Play store (?). So this exploit would be much more difficult if the hacker didn't have access to the phone in an unlocked state to begin with.

      So yeah, it's a security exploit, but I wonder how much of a security risk it is in real world terms.
      dsf3g
      • It still works.

        Hi,
        I'm the author of the video.
        1) Yes, it would. You can use this exploit to open the app drawer and swipe. It's easier if it's on the front screen - sure - but still works if it isn't there.
        2) I used "voice search". If you scroll to 1m03s you'll hear me say I'm using voice search, the phone makes a beeping sound, and I say "no lock".
        Thanks
        Terence
        Terence Eden
        • Ah...

          Thanks for that. Couldn't figure out how you were searching the Play Store.

          So yeah, coupled with the fact that most email clients don't prod you for credentials on your phone, this could really make it a nightmare to lose your phone.
          dsf3g
        • This can be mitigated substantially by...

          unchecking the option to launch S-Voice by double tapping the home button. Having this option checked results in the home button waiting for a second press. This results in being able to view the home screen that much longer. It seems to cut in half the amount of time you can see the home screen. I tried a number of times to select anything on my home screen and couldn't.
          laequis
        • It is not working on Galaxy SIII

          Hi Terence,

          I really appreciate your video, it was really interesting. I tried to do the same on my Galaxy SIII but in vain. When I clicked the back button I did not have even 0.01s to see anything of my home screen or anything else than the lock screen. Maybe it depends on the speed of the device? I tried to switch on the power saving mode, but I had the same experience. Perhaps I missed something? I think it is a very important thing that you pointed out, but if this affects only low-end or middle level products then I think business level customers could sleep better. Any suggestion to test? I would like to be sure my phone is not affected.
          IBenak
    • this is the fun with the open source

      you get it ..screw it and deliver it
      dugbug11
      • re-read

        The problem is only with Samsung phone, not the Android OS.
        Al_nyc
  • Android, iOS, Java, all browsers (incl. sandbox), ...

    Does someone really care about such issues anymore ? Yawn ... yeah it's all insecure and unsafe. Bite me.
    EnticingHavoc
    • No, not all

      iOS is not "insecure and unsafe." Bite me.
      deasys
      • relax iboy

        Chill out dude, did you write iOS personally?

        Or just need help........
        Boothy_p
  • hhaha...get SJVN

    he will share some expert advice and give you a workaround
    dugbug11
  • This is silly

    The whole "I can unlock your phone" is so silly. If anyone has physical access to a
    device, they can take it apart. Well duh... They could also pull out your sim card, and
    your SD card, and grab stuff, they could also toss the whole thing in the toilet.
    How about this ... don't let strangers have physical access to your phone, your wallet,
    your house... duh... :-)
    Iozone
    • least of your worries

      Access to the files and information on the phone are the least of your worries. It is access to your online accounts that could cause the most headaches.
      Al_nyc
    • Common sense here, people...

      This is the correct common sense 'comment'...
      What are you all keeping on your phone that you're so afraid of people hacking into (dic pics?)?
      Who gives a rat's ars what you have on YOUR phone?
      Your WALLET is insecure, someone could simply open it up and take what they want...let's all insist on locks for our wallets?
      Even your keys are more of a security risk and desired item than your silly little cell phones.
      Most of us probably don't even lock our phones, leaving them so that all you need to access is to move the puzzle piece into its slot...
      WHO CARES?
      jchandshaw
      • ...here's the common sense in it. It can mean your career, or many people's.

        One of the leading vendors of mobile management software, Good Technology, recently published its second annual survey of 100 of its customers, which showed that the percentage of BYOD-supporting enterprises rose from 72 to 76 percent between 2011 and 2012, and 94 percent have plans to support BYOD. Security is a HUGE issue in many federally regulated industries. E.g., in my firm if we have any such breach where we leave a phone on a train or have a gym bag stolen (and if sufficient security isn't in place) we are required to disclose it to our clients. That breach of client confidentiality in the private wealth industry can cause major setbacks or even sink a business. This is only one example of many industries that have such legislation in place. In other words... It can mean a person's career. Lots of people's careers. That said, usually there are many levels of safety in place and a lock screen is only the first.
        Todd Hooper
    • No security if people have direct access

      I agree with Iozone. If anyone has physical access to a device, then the security issue is mostly with the phone owner more than the phone itself. Same that we limit the number of people who have direct access to our server consoles.
      laman
  • The Slow Death Spiral of Samsung

    Why they are deviating more & more from stock Android makes no sense at all. Soon they will have a security issue record right up there with JAVA, Adobe Products and any Microsoft OS. This is the path to doom.
    Gr8Music
    • Once again..

      As long as humans write code, flaws will exist. End of story.
      EVHGameOvR
      • But . . .

        . . . some are obviously more flawed than others!
        Gr8Music