x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Samsung Galaxy S III flaw bypasses lock screen (again)

Samsung Galaxy S III flaw bypasses lock screen (again)

Posted: , by Nick T.

Tags:

Samsung Galaxy S III flaw bypasses lock screen (again)
Several days ago, a flaw in the Samsung Galaxy S III interface was discovered allowing access to the phone's home screen even when a PIN or pattern lock screen was enabled. That hack, however, didn't seem as much of a threat given how little time one had to actually do something naughty with the targeted device. Yet now, another vulnerability that works in a similar fashion has been found and it pretty much bypasses the lock screen indefinitely. And that's a pretty serious privacy concern.

Here's how the hack works: from the lock screen press the "Emergency Call" button at the bottom. Then quickly press the emergency contacts button (bottom left), then the home button and then the lock key. If done properly, the next time the lock key is pressed it will take you to the Samsung Galaxy S III home screen. 

Note that this hack does not work every time. First time we tried bypassing our Galaxy S III lock screen it took us about 10 minutes of trying. But then we got the hang of it and managed to hack it within 10 attempts. Also, the one who discovered the vulnerability notes that having screen auto-rotation enabled increases the chances of the hack to work. Strangely, although the hack gives access to all apps and home screens, the notification bar remains inaccessible. This flaw appears to affect Samsung Galaxy S III units running Android 4.1.2. (UPDATE: Samsung Galaxy Note II is vulnerable as well.)

So all of you, guys, holding on to a Samsung Galaxy S III protected by a PIN or pattern, keep in mind that it isn't as secure as it should be. Hopefully, Samsung will address the issue in a timely manner.

34 Comments
  • Options
    Close




posted on 07 Mar 2013, 02:08 8

1. DKMDROID (Posts: 102; Member since: 09 Aug 2011)


were GS3 owners feeling left out because iPhone users were having the problem or was iPhone users jealous of GS3 users cos they didnt have the problem?

posted on 07 Mar 2013, 04:18 2

20. darkkjedii (Posts: 12618; Member since: 05 Feb 2011)


Gs3 messes up too from time to time.

posted on 07 Mar 2013, 14:38 3

30. Stuntman (Posts: 784; Member since: 01 Aug 2011)


Apple will sue Samsung for copying their security problem. :)

posted on 07 Mar 2013, 02:20 1

2. wendygarett (unregistered)


Oh pa, having too much free time to make this unnecessary nonsense? What next? Security flaw on lumia 920 as well? Lol

posted on 07 Mar 2013, 02:23 14

3. edgabimbam (unregistered)


Seems you also have a lot of free time with spaming this website...

posted on 07 Mar 2013, 02:25 14

4. emadshiny (Posts: 1142; Member since: 05 Dec 2012)


grow up baby.
security is one of the most important aspect of a phone.
of course its clear that you'd prefer to read some news about Pokemon.

posted on 07 Mar 2013, 02:34

6. wendygarett (unregistered)


Phonearena is to review the phone, not teaching us hacking the phone, this article has clearly violated Sammy users' privacy if you ask me :(

posted on 07 Mar 2013, 02:45 7

10. emadshiny (Posts: 1142; Member since: 05 Dec 2012)


thank you for defining the role of PA.
this is a tech site and it will cover whatever is related to it and security is one of the most important of those.
and i thought you owned HTC One X

posted on 07 Mar 2013, 03:02 3

12. tiara6918 (Posts: 1532; Member since: 26 Apr 2012)


He/she does own a one x, from being an apple fanboy to samsung, I wonder what's next...

posted on 07 Mar 2013, 03:44

18. wendygarett (unregistered)


"Note that this hack does not work every time. First time we tried bypassing our Galaxy S III lock screen it took us about 10 minutes of trying. But then we got the hang of it and managed to hack it within 10 attempts."

this statement has clearly shown that phonearena is trying to hack Sammy user devices... is that not violation?

posted on 07 Mar 2013, 07:26 2

25. darkkjedii (Posts: 12618; Member since: 05 Feb 2011)


Wendy it looks as if there's more than one person doing the typing on you're post's. that, or you're learning how to type better.

posted on 07 Mar 2013, 02:25 7

5. windy (Posts: 16; Member since: 28 Oct 2012)


looks like android community was having fun with Apple while they had the same flaw.

posted on 07 Mar 2013, 02:43 2

9. PapaSmurf (Posts: 8922; Member since: 14 May 2012)


This is so true lol.

posted on 07 Mar 2013, 05:27 2

22. anywherehome (Posts: 971; Member since: 13 Dec 2011)


you lie, Android has no problem, Samsung has a problem ;)
read more, think more :)

posted on 07 Mar 2013, 02:42 2

7. PapaSmurf (Posts: 8922; Member since: 14 May 2012)


It works after the 1938472724 time I tried. -_-

posted on 07 Mar 2013, 02:43 7

8. BackHandLegend (Posts: 80; Member since: 15 Dec 2012)


I really hope Apple doesn't sue over this...

posted on 07 Mar 2013, 02:45 2

11. PapaSmurf (Posts: 8922; Member since: 14 May 2012)


How do people find this? Do they have this much free time in the day to try all aspects of bypassing lock screens on phones? This goes to the iPhone one too. That one was complicated and was found days after 6.1 rolled out.

posted on 07 Mar 2013, 03:05

13. Topcat488 (Posts: 1173; Member since: 29 Sep 2012)


Looking forward to the Note III, I'm still loving my updated Original Galaxy Note... Never was a fan of the S series, so sorry it has that problem... It's "Note" or bust for me, Okay i'm lying... I'm gonna pick up a fiberglass iphone too. To the OEM fix these problems please. :/

posted on 07 Mar 2013, 03:08 1

14. roscuthiii (Posts: 1873; Member since: 18 Jul 2010)


My cousin is a genius when it comes to getting by people's lock screen. He's been doing it long before I ever heard about on sites like PA. Lil' bastid then likes to send embarrassing messages to people, nothing more nefarious than that though at least.
Because of him, I downloaded an app called App Lock. Even if he gets past the lock screen there's nothing he can do about the 2nd (different) pass code which doesn't seem as exploitable as a lock screen.
Not an advert for App Lock, just the one I happen to use. It just works well enough for me that because I have access to contacts, photos, calling, Play Store, etc. blocked off that I don't even bother with the lock screen anymore.

posted on 07 Mar 2013, 03:20 6

15. RohanM (Posts: 134; Member since: 15 Jan 2013)


With having so many issues to sgs3 i am starting to hate my own sgs3.. so became a sammy hater.. issues like, sudden death, heating, poor multitasking...and so on..

sammy u disappointed me... typing from my sgs3........

next time will go for sony or htc (nokia only if they come up with droid) :)

posted on 07 Mar 2013, 03:37

17. wendygarett (unregistered)


I'm afraid you will regret for leaving Sammy :)

posted on 07 Mar 2013, 03:30 2

16. RohanM (Posts: 134; Member since: 15 Jan 2013)


well it was secured until u posted it PA. lol

posted on 07 Mar 2013, 04:10

19. ilia1986 (unregistered)


Sorry - got nothing to hide on my SGS3. And it's always with me at all times regardless. Not to mention you got a gazillion apps to password lock your access to apps and what not.

posted on 07 Mar 2013, 04:21 2

21. darkkjedii (Posts: 12618; Member since: 05 Feb 2011)


That's not the point. The gs3 isn't perfect after all, it has its hiccups too.

posted on 07 Mar 2013, 06:04

23. jroc74 (Posts: 5192; Member since: 30 Dec 2010)


Sammy....Sammy...Sammy.....

Well....I know if I ever get an update or phone that have the emergency contacts icon ....I better take extra steps for security...

posted on 07 Mar 2013, 06:45 1

24. bibekpachhai (unregistered)


I can do the same thing on my S3 which is running 4.1.1, so it basically all S3

posted on 07 Mar 2013, 08:47 2

26. gallitoking (Posts: 4690; Member since: 17 May 2011)


Samsung will do nothing as all their attention is on the upcoming release of the highly hyped Galaxy 4 and don't have time for a s3 being on life support... Same fate of the s2 last year.

posted on 07 Mar 2013, 13:17 1

29. g2a5b0e (Posts: 2710; Member since: 08 Jun 2012)


What you just said makes absolutely no sense. The S2 never suffered at any such fate a year ago. It just received Jellybean. Does an almost 2-year old phone on "life support" receive a new operating system? No. Also, it was the highest selling Android phone of all-time before the S3. Now that the S3 is the highest selling Android of all-time, you can believe it will get the same or even better support in the future. It already went from 4.0 to 4.1. They'll squash this bug, then soon it will get 4.2. There's no doubt in my mind that it will see 5.0 in the future, too.

posted on 08 Mar 2013, 00:33

33. g2a5b0e (Posts: 2710; Member since: 08 Jun 2012)


Definitely not a fan of these links they're adding into people's posts now...

posted on 07 Mar 2013, 09:29 2

27. Ninetysix (Posts: 1679; Member since: 08 Oct 2012)


Calling all the fandroids that mocked Apple when PA posted the lockscreen bypass. Please point at yourself in the mirror and laugh.

http://www.phonearena.com/news/Another-day-another-way-to-bypass-the-passcode-discovered-in-iOS-6.1_id40247

gmracer1, etc

posted on 07 Mar 2013, 09:36

28. AnnDroid (Posts: 53; Member since: 02 Aug 2011)


What about "us gals".

Anyway, I use App Protector when I leave the house to lock down what's important. I have 'on {X}' notify me by gps location that I've left the house and I need to lock the phone. Works 100% of the time.

posted on 07 Mar 2013, 14:52

31. zibbyzib2000 (Posts: 204; Member since: 18 Nov 2010)


You see... Can't we all just get along

posted on 08 Mar 2013, 00:26

32. genious_gce (Posts: 3; Member since: 08 Mar 2013)


I'm able to bye pass in my samsung galaxy s3 easily which is running on 4.1.2
Once you bye pass, the lock screen never shows up when u turn off and turn on the power button..

Biggest bug ever...

posted on 13 Oct 2013, 09:27

34. PhilMay (Posts: 1; Member since: 13 Oct 2013)


Everybody here who believes Phonearena is in any violation of any policies at all is sorely mistaken. First of all here is a bit of my backround that qualifies me to give opinions and correct misconceptions. For over 20 years i have been involved in data security for large corporations. When i was 12 i began building computers and now i own one of the nations largest smart phone repair shops. As a data security analyst, my JOB was to exploit potential security flaws and secure them. Only by actually attempting to hack any system will you find these flaws. Phonearena is not the first to post this exact security flaw, and until there is a solid fix they will not be the last. While this information can in fact be used for nefarious reasons, it is also being used to develop the fix. If you are truly worried that this information could compromise your data, replace your lock screen with a third party app lock screen. This particular hole is ONLY applicable to NATIVE lock screens on Samsung devices running specific versions of JB. Also keep your phone in your pocket or purse! Coming on here and trolling the OP is only making it obvious that you have absolutely no working technical aptitude that would even qualify you to have any opinion on this matter. I would like to point a few facts out about this security flaw:
1. Cellular and Data signals will not work, the phone still thinks it is locked and is restricted to only emergency contact.
2. WiFi DOES work, however WiFi calling will not work when the device believes it is in lock mode.
3. If there is no WiFi signal, then no data dependent apps will function at all when the phone is accessed in this manner.

If you actually become a "victim" to this exploit, then you might be better off with a little flip phone that does not require you to be responsible in any way. Samsung produces top of the line cutting edge devices, if you stepped up to the plate and purchased one for yourself, be responsible. Would you be so careless with your $500-$800 ring or necklace? NO YOU WOULD NOT. You would never leave that ring or necklace where it could be easily stolen because it was so expensive, so don't leave your galaxy series cell phone in the same situation, it was just as expensive and more importantly it potentially contains sensitive personal information and possibly even nude pics of your girlfriend!

Take care of your device and be responsible, and you wont have any worries.

Want to comment? Please login or register.

Latest stories