x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Security flaw discovered on Samsung Galaxy devices, (kind of) allows lock screen bypassing

Security flaw discovered on Samsung Galaxy devices, (kind of) allows lock screen bypassing

Posted: , by Nick T.

Tags:

Security flaw discovered on Samsung Galaxy devices, (kind of) allows lock screen bypassing
Although the following vulnerability is not likely to expose any sensitive data stored on one's smartphone, its a flaw that must be brought to people's attention. It has been discovered that the Samsung Galaxy Note II, Galaxy S III, and perhaps other of the maker's recent Android smartphones running version 4.1.2 of the OS are affected by a glitch that exposes their home screen for a fraction of a second even if the device is protected by a PIN or pattern.

The video below demonstrates how the hack is performed by accessing the "Emergency Call" menu from the pattern lock screen and then listing the user's ICE emergency contacts list. If the home button is pressed at that time, the home screen is displayed briefly, thus letting one launch applications, assuming their fingers are fast enough. In theory, that could allow someone to call contacts listed on Direct Dial widgets, or cause other kinds of trouble. We can confirm that the hack works on a Samsung Galaxy S III running Android 4.1.2.

Of course, the flaw is no cause for major panic, but it is one that definitely shouldn't be present on a device that is supposed to be secure. In case someone can confirm the presence of this vulnerability on other Samsung Android devices, let us know down in the comments!


37 Comments
  • Options
    Close




posted on 04 Mar 2013, 07:36 13

1. PapaSmurf (Posts: 6609; Member since: 14 May 2012)


I will admit, it has happened ONCE, and that's because I was running Pandora, updating apps, and have Power Saving Mode on (idk why) but hasn't happened ever since. I just tried this on my GS3 and it didn't work.

posted on 04 Mar 2013, 08:03 5

11. Mxyzptlk (Posts: 2842; Member since: 21 Apr 2012)


Security needs vast improvement.

posted on 04 Mar 2013, 09:36 15

20. PapaSmurf (Posts: 6609; Member since: 14 May 2012)


I know in iOS 6. Tell Apple to fix that ASAP.

posted on 04 Mar 2013, 10:22 1

21. techspace (Posts: 394; Member since: 03 Sep 2012)


to be honest, i think apple ios will remain the most secure os for a long time and its easy to push in more, quicker security updates on ios
forget about android not being secure, even we don't know how many things we do on our devices to make them even more insecure, especially with the custom builds(rooting)
i am not talking about this minor issue(samsung's lock screen bypassing) , i am talking about android in general........we don't know about the future, but today android is more vulnerable

posted on 04 Mar 2013, 11:27 6

23. PapaSmurf (Posts: 6609; Member since: 14 May 2012)


I'd have to give BB credit. Blackberry is probably in my book the most secure.

posted on 04 Mar 2013, 15:13

27. Mxyzptlk (Posts: 2842; Member since: 21 Apr 2012)


Certainly not financially secure.

posted on 05 Mar 2013, 07:47

36. techspace (Posts: 394; Member since: 03 Sep 2012)


bb is vulnerable today, bb10 can be affected sooner or later
ios and android are more popular and have a lot of apps, we can talk about bb if it remains as secure even after getting more apps and attention
and the playbook can run malicious android apps as well

posted on 04 Mar 2013, 12:53 8

25. hiBreed (Posts: 90; Member since: 29 May 2012)


Are u high on crack? Since when did ios become the most secure os. Blackberry would remain the most secure os, even if they had a 1 month holiday

posted on 05 Mar 2013, 07:34

34. techspace (Posts: 394; Member since: 03 Sep 2012)


bb pin to pin messages are insecure......every hacker is saying that bb is vulnerable, don't talk about the age old useless bb phones, look at the latest ones.....they are vulnerable today, anything could happen if bb becomes more popular and gets more attention(especially hacker's attention) like ios and android....we don't even know what will happen if they get hundreds of thousands of apps like ios and android
talk about bb10,not about the useless older versions..... how can you say that its secure, you can say that after giving it sometime
talking about older versions, bb playbook ran android apps and games.....even the ones that were malicious

posted on 05 Mar 2013, 07:43

35. techspace (Posts: 394; Member since: 03 Sep 2012)


wait for a couple of years, you will understand who is right and who is crack.....don't talk about what happened in the past when they had no attention, no proper OS like bb10
and bb services don't even work sometimes....
there were times when people like you said that mac os x was really very secure, what happened today?
apple offers great security to ios, jailbreaking the phones is becoming harder and harder day by day, they are hiring many hackers, their hard work on ios is evident..there are almost a million apps and none of them have malware, even the ones that crept in were thrown away

posted on 04 Mar 2013, 13:58 4

26. ZeroCide (Posts: 677; Member since: 09 Jan 2013)


Your comments need vast improvemant too.

posted on 04 Mar 2013, 10:31

22. techspace (Posts: 394; Member since: 03 Sep 2012)


is it working when you are on wifi and when you are on power saving mode?
just try it and tell me.........and are you using the international version?

posted on 04 Mar 2013, 11:30 1

24. PapaSmurf (Posts: 6609; Member since: 14 May 2012)


T-mobile Galaxy S3. I tried again. It works, but it only shows the homescreen for 1/16 of a second which really isn't an issue to me. All I have is the weather widget, camera, gmail, etc. and that's it.

This little flaw doesn't affect me at all and don't care about it. Now getting to my text messages and such, that's a different story lol.

posted on 05 Mar 2013, 07:50

37. techspace (Posts: 394; Member since: 03 Sep 2012)


you are right, its not a serious problem.....and thank you for the info

posted on 04 Mar 2013, 07:39 24

2. hung2900 (Posts: 713; Member since: 02 Mar 2012)


Did Apple patent security lock flaws?

posted on 04 Mar 2013, 08:01 8

9. Mxyzptlk (Posts: 2842; Member since: 21 Apr 2012)


Apple has nothing to do with the article.

posted on 04 Mar 2013, 08:28 8

18. tedkord (Posts: 3905; Member since: 17 Jun 2009)


Sure they do. They're your motivation for posting in every Android article. They're your motivation for life, spreading the gospel of Apple.

posted on 05 Mar 2013, 04:25

33. nicholassss (Posts: 344; Member since: 10 May 2012)


plus wasnt there news about a similar issue with iOS 6?

posted on 04 Mar 2013, 07:41 11

3. ama3654 (Posts: 233; Member since: 27 Nov 2012)


Just go to settings, lockscreen and use password(High Security), problem solved!

posted on 04 Mar 2013, 08:04 1

12. Mxyzptlk (Posts: 2842; Member since: 21 Apr 2012)


That doesn't solve anything.

posted on 04 Mar 2013, 08:21 9

17. procopiojose (Posts: 132; Member since: 26 Oct 2012)


nothing can be accessed from your phone anyway.. people can live with it.. once the lock screen get activated, any window behind it is closed..

posted on 04 Mar 2013, 07:41 17

4. Nathan_ingx (Posts: 2964; Member since: 07 Mar 2012)


iOS 6.1.1 The pioneer of lock screen bypassing.

posted on 04 Mar 2013, 08:09 8

14. nlbates66 (Posts: 200; Member since: 15 Aug 2012)


wasn't it more like iOS 2.1 or iOS 4.1 that had the original glitch on iOS?

posted on 04 Mar 2013, 07:48 4

5. GALAXY-STORM (Posts: 328; Member since: 13 Oct 2012)


Great idea, Just in case if i forget the pattern combination. Thanks

posted on 04 Mar 2013, 07:51 9

6. omarr (banned) (Posts: 149; Member since: 15 Sep 2012)


Apple will sue them I am sure

posted on 04 Mar 2013, 07:55

7. spideyhead256 (Posts: 148; Member since: 05 Nov 2012)


Let the samsung flaming,and the down votes,COMMENCE! =P

posted on 04 Mar 2013, 07:59

8. thachlel (Posts: 61; Member since: 20 Apr 2012)


FYI, set pin security is still the same as pattern! 4.1.2

posted on 04 Mar 2013, 08:02

10. dexter_jdr (Posts: 995; Member since: 28 Jun 2012)


*eats popcorn*

posted on 04 Mar 2013, 08:06 1

13. KParks23 (Posts: 422; Member since: 13 Oct 2010)


This woks as described just tried it not really a big deal as it only shows ur home screen for a split second but still should not happen

posted on 04 Mar 2013, 08:17

15. amozhi (Posts: 89; Member since: 23 Oct 2012)


Nope it is not happening on my S3 (international version)

posted on 04 Mar 2013, 08:18 1

16. procopiojose (Posts: 132; Member since: 26 Oct 2012)


simple window transition delay.. you cannot do much since after the screen is locked, anything behind is closed or minimize by the os.. direct call via widget.. haha.. yeah someone who wants to peek on your phone will definitely do that..

posted on 04 Mar 2013, 08:47 2

19. drnggaj33 (Posts: 127; Member since: 29 Feb 2012)


just wipeout the phone to go pass lock screen lol ;)

posted on 04 Mar 2013, 16:28

28. _PHug_ (Posts: 380; Member since: 11 Oct 2011)


You have to be really bored to find things like this but it could be used for your benefit.

Set the call widget to dial 911, so when the thief tries to do this the cops can find them through the GPS

posted on 04 Mar 2013, 18:44 1

29. jroc74 (Posts: 3952; Member since: 30 Dec 2010)


Security flaw in Samsung Galaxy devices...(sort of)

That says it all....lol.

I just tried on my Maxx HD. I dont have that ICE contacts icon. I cant even do T9 dialing. Thats when you dial by the letters on the keypad. I am running 4.1.1 tho.

Its a flaw...but I hope ppl watch the...entire....clip...before comparing it to the iOS 6 flaw...thanks. But...just like with the iOS flaw....contacts....one could do a lil social engineering if you can place a call. So this isnt good either.

posted on 04 Mar 2013, 18:52 1

30. jroc74 (Posts: 3952; Member since: 30 Dec 2010)


Then when I tried to call my home phone, it said Failed!! Only emergency numbers can be called.

posted on 04 Mar 2013, 22:58

31. Jack58221 (Posts: 120; Member since: 23 Feb 2013)


Lol, I just set a lock pattern and all that to test this on my s3... not only does it work, but I could open my assistant app and talk to it from the lock screen then. could set alarms, sent a text, place a call and have it read upcoming events on my calendar.

posted on 04 Mar 2013, 23:02

32. Jack58221 (Posts: 120; Member since: 23 Feb 2013)


just tried it on a friend s3 and could open assistant too, but his turned off after the greeting and would not let him do anything. only difference I know of its that I use go launcher, but I don't see how a launcher could effect that.

Want to comment? Please login or register.

Latest stories