Samsung lock screen bug manifests again on Note II, S III
updated 04:23 pm EDT, Wed March 20, 2013
Speedy implementation required, less precision needed than previous flaw
Another security flaw has been found in Samsung's implementation of Android. Blogger Terence Eden again warns that another lock screen bug on Samsung Android devices can allow malicious users to completely bypass the lock screen through the use of third-party apps, affecting pattern unlocks, PIN code screens, and face detection locking.
The flaw exists on the Samsung Galaxy Note II phablet and Galaxy S III smartphone running Android 4.1.2, but does not exist in "stock" Android as provided by Google, laying the cause of the flaw squarely in Samsung's lap. From the lock screen, an attacker can enter a fake emergency number, which can momentarily bypass the lock screen. If the bypass steps are repeated, the attacker can enter the Google Play app store and use voice search to find apps that prevent locking, which will then permanently disable the lock screen.
Eden reports that Samsung has finally responded to his reports of the flaw. Samsung claims a fix for the exploit will be "released shortly." Until the fix is released, a third-party ROM can prevent the attack. If the user chooses to disable screen animations, the amount of time the app screen is displayed is reduced, but not eliminated.



