Security hole allows anyone to bypass and disable Galaxy Note 2’s lockscreen [video]

March 20, 2013

One of the ways to protect your smartphone from the prying eyes of others is to set a secure lockscreen, be it a PIN, pattern, or password lock. But then again, that might not be good enough if you own a Samsung handset running Android 4.1.2, or in this particular case, the Galaxy Note 2.

Terrence Eden opened our eyes last week to a security flaw on the Note 2 that allows well-informed individuals to bypass the phone’s lockscreen. Now, a similar lockscreen bug has been discovered.

All they have to do is place an emergency call from the lockscreen, enter any bogus number, hit the green dial button, dismiss the error message, and press the back button. That’s all it takes for someone to gain access to your homescreen – albeit only for a split second.

However, his video demonstration shows how those windows of opportunity – considering that the process can be easily repeated over and over again – were more than enough to let him access Google Play, do a Voice Search on a lockscreen disabler app, install and run the app, and ultimately defeat the system.

It took some persistence, but he pulled it off in less than 3 minutes.

Eden has contacted Samsung about the bug, and the South Korean company said that a software patch should be on its way soon. In the meantime, you may want to be extra careful with where you place your precious phone. Better yet, keep it safe with you at all times.

Comments

  • lean6

    Bad juju. :-(

  • MasterMuffin

    What if the phone is encrypted?

  • http://www.facebook.com/dan.zenz Dan Zenz

    So, IF you have google play on your first screen AND you have room on that screen for the new icon AND you have play set to drop new icons in your home screen when you install them…

    • TY

      Seriously, Samsung may be good at manufacturing hardware, but the software is… well…

      You can always launch an app from Google Play… and the default location of Google Play is on the first page. So the only requirement is that “you have google play on your first screen”… or can that be bypassed by doing a quick swipe? Whatever, programming fail, Samsung. First the Exynos exploit, then this. How ironic it is that Samsung’s ad said their phones are of high security!

      Does the use of other lockers solve this problem, by the way?

  • Rath Mam

    Please stop posting Samsung devices; find other devices and play with them. If you had a new technique for how to rob a bank, would you like to post it to the world?

  • LAKAME

    This method also seems to work on the OG Note with JB. The old method didn’t :)

  • UbiMaiden

    Tested it with my Note 2 and after pressing the back button, I can see the desktop for a moment, but then I must insert the PIN. So no big problem.

  • CoolCustomer

    It really isn’t that big of a deal especially when there are so many variables involved. Though I do agree that Samsung needs to patch this quickly because it does open up the possibility of someone gaining access to a locked phone. Honestly, it seems like the whole exploit is centered around the ICE contact feature which, while nice, is pretty useless.

  • http://www.facebook.com/TheYellowTiger Shawheim Merchant

    these “exploits” are about the stupidest things i have ever seen. who in the hell has the time to sit around and play with a phone until they find new “exploits”? the average person that steals a phone or finds a phone isn’t going to try these or have knowledge of these “exploits”. if i or anyone else really wanted someone’s phone it would be just as easy to take it, boot to recovery and factory reset it.

    • Jon

      “who in the hell has the time to sit around and play with a phone until they find new “exploits”?”

      Those people who sit around finding these exploits are usually called IT SECURITY EXPERTS!

      You better thank whatever God you believe in that these people exist.