March 4, 2013
Security Flaw In Samsung Galaxy Note II Allows Users To Bypass Locks
Michael Harper for redOrbit.com — Your Universe Online
Bad news for any Samsung Galaxy Note II owner running Android 4.1.2 with a direct call widget on their home screen and a tendency to leave their devices lying about. A tricky new hack has been discovered which bypasses the lock screen and allows hackers access to the home screen for but a split second.
This “vulnerability” has been discovered a few weeks after a similar flaw was found in Apple's iPhone.
First exposed by Terence Eden, of Terence Eden Has A Blog, this hack has been found to work in “limited circumstances,” no matter what method users choose to lock their phones, third party or otherwise.
In a video posted to his blog, Eden says he's noted the vulnerability on Samsung's version of Android 4.1.2, the stock version of Android which ships with the device. He also openly admits that he hasn't tried to replicate this behavior on any device other than the latest UK variant of the Note II.
The entire tricky process, as explained by Eden, is as follows:
1. Lock the device with a "secure" pattern, PIN, or password.
2. Activate the screen.
3. Press "Emergency Call".
4. Press the "ICE" button on the bottom left.
5. Hold down the physical home key for a few seconds and then release.
6. The phone's home screen will be displayed - briefly.
7. While the home screen is displayed, click on an app or a widget.
8. The app or widget will launch.
9. If the widget is "direct dial" the phone will start ringing.
Performing these actions will very briefly reveal the user's home screen and any apps or widgets located therein. However, even if a potential hacker is able to tap an app quickly enough, it will only be displayed for a split second before the device returns to the lock screen. This vulnerability affects users with a direct call widget on their home screen the most, as quickly tapping this icon will allow the call to go through. Once the hacker hangs up, the device is locked once more.
Eden says this vulnerability has a very “limited scope.”
“Running the apps is also of limited use - they go into the background immediately. If the app performs an action on launch (like recording from the microphone, switching on the flash, playing music, interacting with a server) that action will occur,” he adds.
While this vulnerability does allow brief access to the device, even Eden, the guy who discovered the hack, had difficulty replicating it in his video.
According to Eden, the vulnerability works no matter which locking method is used: bypassing pattern lock, PINs, passwords and even face unlock. For now, concerned Note II users can only remove any widgets which may reveal sensitive information from their home screens, such as calendars, direct call buttons or email.
Eden has brought this vulnerability to the attention of Samsung, but says because there is no “responsible disclosure team” at the company, the best he's been able to do is send an email to an unlisted address. After five days without a response from Samsung, Eden shot and posted the video explaining the vulnerability to alert Note II owners.
A similar and more difficult vulnerability was found in Apple's iPhone last month. To bypass the iPhone lock screen, would-be hackers need to place an emergency call, immediately hang up, and then fidget with the power and home buttons. Though more difficult to pull off, the Apple vulnerability completely bypasses the lock screen, leaving the entire phone wide open. Apple has since issued a fix.
So far, there is no word from Samsung about a fix for the Note II vulnerability.