ID: IRCNE2013031793
Date: 2013-03-22
According to "zdnet", another security flaw has been discovered on some Samsung phones that allows complete access to a device.
Discovered by the same mobile enthusiast as the previous flaw, Terence Eden warns that this new bug could allow users to bypass the lock screen entirely through the use of third-party apps.
This affects pattern unlocks, PIN code screens, and face detection security.
The flaw was tested on a Samsung Galaxy Note II running Android 4.1.2 as before — but it does not appear to exist on stock Android from Google, suggesting this is limited to Samsung phones only. This flaw may exist in other Android phones, notably Samsung devices, and users and IT managers alike should test their devices immediately.
The method involves much of the same steps as before, and involves having direct access to the device. Also, the methodology may include repeating some steps, so by far this is not an easy way to gain unauthorized access to a Samsung device.
Samsung did not fix the original lock screen bug, leaving millions of devices potentially at risk from privacy invasion. More worryingly, now a similar flaw can open up the device completely.
For now, only a third-party ROM can prevent such attacks. According to Eden, one software ROM designed for the Galaxy S III claims to have fixed the problem.
- 2