One of the ways to protect your smartphone from the prying eyes of others is to set a secure lockscreen; be it with the PIN, pattern, or password lock. But then again, they might not be good enough if you own a Samsung handset running Android 4.1.2, or in this particular case, the Galaxy Note 2.
Terrence Eden has opened our eyes last week about the security flaw on the Note 2 that allows well-informed individuals to bypass the phone’s lockscreen. Now, a similar lockscreen bug has been discovered.
All they have to do is place an emergency call from the lockscreen, enter any bogus number, hit the green dial button, dismiss the error message, and press the back button. That’s all it takes for someone to gain access to your homescreen – albeit only for a split second.
However, his video demonstration shows how those windows of opportunity – considering that the process can be easily repeated over and over again – were more than enough to let him access Google Play, do a Voice Search on a lockscreen disabler app, install and run the app, and ultimately defeat the system.
It took some persistence, but he pulled it off in less than 3 minutes.
Eden has contacted Samsung about the bug and the South Korean said that a software patch should be on its way soon. In the meantime, you may want to be extra careful with where you place your precious phone. Better yet, keep it safe with you at all times.
Like this post? Share it!
Bad juju. :-(
What if the phone is encrypted?
So, IF you have google play on your first screen AND you have room on that screen for the new icon AND you have play set to drop new icons in your home screen when you install them…
Seriously, Samsung may be good at manufacturing hardware, but the software is… well…
You can always launch an app from Google Play… and the default location of Google Play is on the first page. So the only requirement is that “you have google play on your first screen”… or can that be bypassed by doing a quick swipe? Whatever, programming fail, Samsung. First the Exynos exploit, then this. How ironic it is that Samsung’s ad said their phones are of high security!
Does the use of other lockers solve this problem, by the way?
Please stop posting Samsung devices find other devices and play with it. If you have a new technics how to rob the bank would like to posting it to the world.
This method also seems to work on the OG Note with JB. The old method didn’t :)
Tested it with my Note 2 and after presing back button, I can see destktop for a moment, but then I must insert pin. So no big problem.
It really isn’t that big of a deal especially when there are so many variables involved. Though I do agree that Samsung needs to patch this quickly because it does open up the possibility of someone gaining access to a locked phone. Honestly, it seems like the whole exploit is centered around the ICE contact feature which, while nice, is pretty useless.
these “exploits” are about the stupidest things i have ever seen. who in the hell has the time to sit around and play with a phone until they find new “exploits”? the average person that steals a phone or finds a phone isnt going to try these or have knowledge of these “exploits”. if i or anyone else really wanted someones phone it would be just as easy to take it, boot to recovery and factory reset it.
“who in the hell has the time to sit around and play with a phone until they find new “exploits”?”
Those people who sit around finding these exploits are usually called IT SECURITY EXPERTS!
You better thank whatever God you believe in that these people exist.