Another day, another lock screen bug. After issues were discovered with Apple devices running iOS 6.1 and Samsung's Galaxy S III, a new bug has been discovered on Samsung hardware that could allow full access to a user's phone. The vulnerability was discovered by Terence Eden, who recently found a different lock screen bug with the Galaxy Note II.
The new issue found by Eden again revolves around the Emergency Call functionality of a Samsung device. After a person makes a failed call on the emergency screen, the device apparently flashes the previously open app for a brief moment, which is just enough time for someone actually use the app on the screen before it locks again. Eden demonstrates how a person could exploit this bug to search for apps in the Google Play Store using voice control and install an app that disables the device's lock screen. Eventually Eden is able to run the app and gain full access to the handset. The phone used in the demonstration is a Galaxy Note II running Android 4.1.2, and Eden says that it should also work on a Galaxy S III.
Taking advantage of this bug is something that would require the person to have fast hands and access to a Samsung device for a few minutes, but if performed correctly, it could grant access to any app on the phone. The good news is that Eden reported the bug to Samsung in late February, and that the company responded by saying that it's working on a fix that should be available soon. To help protect against this issue, it'd be a good idea to keep your handset as close to you as possible and out of the hands of any ne'er-do-wells, which is probably something that you should be doing anyway. A video of Eden performing the exploit on a Galaxy Note II can be found below.
- Log in to post comments