Printed from http://www.electronista.com

Samsung branch of Android contains lockscreen bypass bug

updated 06:05 pm EST, Mon March 4, 2013

Flaw allows for limited app access, direct dial execution

A flaw in Samsung's equivalent to Siri, S-Voice, allows for a very limited workaround of most of Samsung's Android 4.1.1 and 4.1.2 device security. Enthusiast Terence Eden discovered that given a very specific set of circumstances, the devices will allow an unauthorized user or thief to run apps and dial numbers, even when the device is locked. Five days after insuring that the Samsung security team was aware of the issue, Eden reports that he has not heard back from the Korean manufacturer about the flaw.

The procedure relies on nimble fingers to implement properly. Following a press of the "emergency call" button, if the user depresses the "ICE" button and holds down the physical home key for a few seconds, then the phone's home screen will be briefly displayed, allowing for a user to click an app or widget and allow it to execute. If the widget is a "direct dial," then the phone will dial the number, and start ringing.

The discoverer does admit the attack as it stands is of "limited value." Other than non-standard revisions of the OS being installed by the user, there is no protection against the procedure. Eden mentioned in his blog post that he "spoke to several external security people, and Samsung relationship managers within the industry, who have raised the issue directly with Samsung." He also claims Samsung has a "really poor record on Android security" and has yet to hear back from the security response team.

Superficially, the bug is similar to one found in Apple's iOS 6.1. The Apple bug requires a much more complex sequence to initiate, but allows greater access.




By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News