ID: IRCNE2013031775
Date: 2013-03-05
According to "zdnet", attackers are able to bypass the lock screen on the Samsung Galaxy Note II smartphone, a device that the Korean electronics giant is pitching to enterprise customers.
First discovered by self-confessed mobile enthusiast Terence Eden, he outlines the flaw that allows an attacker to bypass the device's pattern lock, PIN code, longer alphanumeric password, and even the face unlock security feature.
It's not clear if the flaw lies within Samsung's devices or the Android platform, or both. However, this flaw may not be limited to Samsung's Note II or Android 4.1.2, and users and IT managers alike should test their devices immediately.
From the lock screen, an attacker can hit the emergency contacts button. Then, by holding down the home button, the unlocked home screen is momentarily displayed.
Eden tested this on just one class of handset, the latest U.K. variant of Android 4.1.2 "Jelly Bean" running on two Samsung Galaxy Note II devices. One was rooted, and the other not. Both were running the stock launcher and lock screen.
He notes that changing to a different launcher or third-party lock screen "will not protect you if it accesses the emergency dialer."
While apps are automatically run in the background when the lock screen is bypassed, "there is also the privacy concern that an attacker could see what apps you have installed on your homescreen—or see your calendar/emails if you use a widget which displays them."
It comes only a couple of weeks after a similar flaw was discovered in the lock screen of Apple's iPhone, running the latest iOS 6.1 software.
- 2