ID: IRCNE2013051849
Date: 2013-05-18
According to “ZDNet”, attackers are able to bypass the lock screen on the Samsung Galaxy Note II smartphone, a device that the Korean electronics giant is pitching to enterprise customers.
First discovered by self-confessed mobile enthusiast Terence Eden, he outlines the flaw that allows an attacker to bypass the device's pattern lock, PIN code, longer alphanumeric password, and even the face unlock security feature.
It's not clear if the flaw lies within Samsung's devices or the Android platform, or both. However, this flaw may not be limited to Samsung's Note II or Android 4.1.2, and users and IT managers alike should test their devices immediately.
From the lock screen, an attacker can hit the emergency contacts button. Then, by holding down the home button, the unlocked home screen is momentarily displayed. That alone is enough to see what's on the home screen. Getting the timing right, users can direct dial and launch apps—though the attacker can only see what's briefly displayed rather than directly use the apps.
Changing to a different launcher or third-party lock screen will not protect you if it accesses the emergency dialer.
It comes only a couple of weeks after a similar flaw was discovered in the lock screen of Apple's iPhone, running the latest iOS 6.1 software.
Despite a couple of updates by Apple to iOS 6.1 since then, no fix has yet been released. Reports suggest iOS 6.1.3, due out in the next week or two, will in fact fix the flaw.
- 3