Galaxy Note 2 lock screen bug lets attackers access popup browser
Since we reported last week that Samsung Galaxy Note 2 has a lock screen bug, which lets users take a sneak peek of the home screen and cause limited potential harm, another blogger has discovered more exploits that are possible despite a lock screen protecting the phablet.
An Indian blogger named Ganesh first found the issue and wrote a detailed post about it. To summarize, any user simply needs to select an item listed in the information ticker. The device then prompts the user to enter the passcode to unlock the device. However, by tapping Emergency call button, the device displays the Emergency dialer window but with the Popup Browser open and fully usable. Ganesh claims that any attacker can visit webpages that has stored your personal data. Furthermore, through the browser, the attacker can also see what is in the clipboard.
Naturally, Note 2 users need not worry about this problem unless their device is stolen and has its lock screen’s information ticker enabled. The problem can also be avoided by selecting a full screen Internet browser as the default app for launching links.
On a lighter note, Samsung is well aware of the issue and is planning to release a security patch. A company rep told CNET in an email the following statement:
Samsung considers user privacy and the security of user data its top priority. We are aware of this issue and will release a fix at the earliest possibility.
In the meantime, users can download the Lookout Security & Antivirus app. Its latest update protects Galaxy S3, Galaxy Note 2, and Galaxy S3 Mini devices from the bug that bypasses their lock screens. It is especially useful for the S3 since its bug can actually disable the lock screen and thereby provide complete control over the device.