Less than a month after a new bug was discovered in iOS 6.1 that allowed users to bypass an iPhone's lock screen, a similar issue has been found with Samsung's Galaxy S III. Originally discovered by Sean McMillan at Full Disclosure, the Galaxy S III's bug can grant a user access to the entirety of the device, provided that they've got quick fingers. The vulnerability can be exploited by tapping the Emergency Call button on the S III's home screen, then heading into the Emergency Contacts menu, pressing the home button and then pushing in the power button. If performed correctly, pressing the power button one more time will bring up the S III's home screen. The lock screen of the device won't return until the phone is rebooted.
The bug takes some precise timing to get working, but Full Disclosure was able to replicate it on a Galaxy S III running Android 4.1.2, and Engadget also got it to work on an S III with Jelly Bean. The good news is that Samsung is aware of the problem, telling Engadget that it's planning to push out a fix as quickly as it can. The company's full statement:
"Samsung considers user privacy and the security of user data its top priority. We are aware of this issue and will release a fix at the earliest possibility."
As with previous lock screen bugs, this Galaxy S III vulnerability can be pretty tough to take advantage of because of the precise timing that it requires. It's still an issue, though, and so it's good to hear that Samsung is working on a patch. We'll be sure to give you a heads-up once the solution starts rolling out. It'd be a good idea to be careful about where you leave your phone and who you give it to until then, but really, it's probably wise to do that all of the time. Are you able to replicate this lock screen bug on your Galaxy S III?
Via Full Disclosure, Engadget