Printed from http://www.electronista.com

Samsung branch of Android contains lockscreen bypass bug

updated 06:05 pm EST, Mon March 4, 2013

Flaw allows for limited app access, direct dial execution

A flaw in Samsung's equivalent to Siri, S-Voice, allows for a very limited workaround of most of Samsung's Android 4.1.1 and 4.1.2 device security. Enthusiast Terence Eden discovered that, given a very specific set of circumstances, the devices will allow an unauthorized user or thief to run apps and dial numbers, even when the device is locked. Five days after ensuring that the Samsung security team was aware of the issue, Eden reports that he has not heard back from the Korean manufacturer about the flaw.

The procedure relies on nimble fingers to carry out properly. Following a press of the "emergency call" button, if the user presses the "ICE" button and holds down the physical home key for a few seconds, the phone's home screen is briefly displayed, allowing the user to tap an app or widget and have it execute. If the widget is a "direct dial," the phone will dial the number and start ringing.

The discoverer admits that the attack as it stands is of "limited value." Other than the user installing a non-standard revision of the OS, there is no protection against the procedure. Eden mentioned in his blog post that he "spoke to several external security people, and Samsung relationship managers within the industry, who have raised the issue directly with Samsung." He also claims Samsung has a "really poor record on Android security" and has yet to hear back from the security response team.

Superficially, the bug is similar to one found in Apple's iOS 6.1. The Apple bug requires a much more complex sequence to initiate, but allows greater access.




By Electronista Staff