Printed from http://www.electronista.com

Samsung branch of Android contains lockscreen bypass bug

updated 06:05 pm EST, Mon March 4, 2013

Flaw allows for limited app access, direct dial execution

A flaw in Samsung's equivalent to Siri, S-Voice, allows for a very limited workaround of most of Samsung's Android 4.1.1 and 4.1.2 device security. Enthusiast Terence Eden discovered that given a very specific set of circumstances, the devices will allow an unauthorized user or thief to run apps and dial numbers, even when the device is locked. Five days after insuring that the Samsung security team was aware of the issue, Eden reports that he has not heard back from the Korean manufacturer about the flaw.

The procedure relies on nimble fingers to implement properly. Following a press of the "emergency call" button, if the user depresses the "ICE" button and holds down the physical home key for a few seconds, then the phone's home screen will be briefly displayed, allowing for a user to click an app or widget and allow it to execute. If the widget is a "direct dial," then the phone will dial the number, and start ringing.

The discoverer does admit the attack as it stands is of "limited value." Other than non-standard revisions of the OS being installed by the user, there is no protection against the procedure. Eden mentioned in his blog post that he "spoke to several external security people, and Samsung relationship managers within the industry, who have raised the issue directly with Samsung." He also claims Samsung has a "really poor record on Android security" and has yet to hear back from the security response team.

Superficially, the bug is similar to one found in Apple's iOS 6.1. The Apple bug requires a much more complex sequence to initiate, but allows greater access.




By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...

Advertisement

toggle

Most Commented

 
toggle

Popular News