Researcher says Samsung will release patch for lockscreen hole

Mar 21, 2013 by Nancy Owano report

(Phys.org) —A security researcher, describing some of his about-me features as "mobile enthusiast" and "Linux fiddler," this week discovered a security hole on an Android Samsung phone. In a March 20 posting on his blog, Terence Eden said he found a hole that would allow hackers to gain control of a phone's apps, dialer, and settings, and, here's the kicker, even though the phone is locked with password, PIN or other security approach. Potential trouble-making by an intruder could start with the emergency dialer, with certain steps that could result in allowing the intruder to interact with the device and disable the lockscreen as well. Eden discovered the flaw on a Galaxy Note II running Android 4.1.2.

While the ploy only allows the a brief time to interact, repeats of the process would result in the intruder able to do unwelcome tasks such as making calls and viewing data. (Actually, noted the Naked Security blog, success in making headway with the glitch would require "lightning-fast reflexes" as well as a cancelled call to emergency services.)

This video is not supported by your browser at this time.

Eden said, in his blog posting, "I have discovered another in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is 'securely' locked with a pattern, PIN, password, or . Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-."

All Android phones, however, are not vulnerable to the same hole, according to Eden. He said the problem does not occur on stock . "I have only tested it on a Galaxy Note II running 4.1.2 - I believe it should work on Samsung Galaxy SIII. It may work on other devices from Samsung."

Samsung is paying attention to the discovery. Eden reported his discovery to Samsung late last month and they are working on a patch, he said, "which they assure me will be released shortly."

Explore further: Standalone wireless info display device an easy fit

Related Stories

Samsung reveals new Galaxy Note II

Aug 29, 2012

Fresh off a legal battle with Apple, Samsung is announcing a new version of the Galaxy Note, an offbeat, oversized smartphone that's become a surprise hit.

Samsung says 5 mn new-model Galaxy handsets sold

Jul 27, 2011

South Korea's Samsung Electronics, the world's second-largest mobile phone maker, said Wednesday it had sold five million Galaxy S II smartphones worldwide since the device debuted in April.

Danger on ice: Android info thaws in cold boot attack

Feb 18, 2013

(Phys.org)—Can low temperatures yield access to information in the phone's memory? Researchers found that a "FROST" attack can unlock an Android's phone data. Their research findings discuss how hackers ...

Recommended for you

Standalone wireless info display device an easy fit

Jan 25, 2015

A Latvian team has come up with a good-looking WiFi display device, connecting to the Internet using WiFi, which runs on a high-capacity built-in battery and tracks what's important to you. This is a standalone ...

Technology improves avalanche gear for backcountry skiers

Jan 25, 2015

As outdoor recreation companies increasingly cater to skiers and snowboarders who like to venture beyond the groomed slopes at ski resorts and tackle backcountry terrain, they've put a special emphasis on gear and equipment ...

Your future office desk may remind you, hey, to move it

Jan 23, 2015

Workers in all industries know by now that having a "desk" job might have its perks but frequent exercise is not one of them. Ample warnings from health experts have been headlined in the press reminding ...

Hands-on with Microsoft's hologram device

Jan 23, 2015

Microsoft didn't use skydivers or stunt cyclists to introduce what it hopes will be the next big leap in computing technology. Instead, with its new HoloLens headset, the company is offering real-world examples ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

evropej
1 / 5 (1) Mar 23, 2013
lol FAIL

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.