Lock screen hack for Samsung Galaxy phones running Android 4.1.2 uncovered
Just yesterday we brought news that Apple had launched iOS 6.1.3 to plug a particularly unpleasant security hole that allowed the iPhone‘s lock screen to be bypassed.
Judging by evidence that came to light today, it looks as it Samsung is going to have to issue a similar patch for its handsets running the forked version of Android Jelly Bean version 4.1.2.
Mobile enthusiast and blogger Terrence Eden posted a video on his personal site displaying how best-selling handsets like the Samsung Galaxy Note 2 and Galaxy S3, running the company’s implementation of Android 4.1.2 can be hacked into through a series of complex button pushes.
The flaw, which doesn’t appear to affect Samsung handsets running other versions of Android, allows the lock screen to be disabled through the device’s emergency call screen.
Eden uncovered a method whereby dialing an invalid emergency number (like zero) leaves the home screen open for a fraction of a second, long enough to issue a single command, such as opening the Google Play.
With impeccable timing and very quick fingers Eden was able to repeat the process enough times to activate voice search within the Play Store, ask for a “No lock” app, download, install and open it. This completely deactivated all security measures, including pattern unlock, pass code and face unlock.
Eden claims the flaw is not evident in the stock version of Android and said the only way to completely conquer it is to root the device and remove Samsung’s Marmite-esque TouchWiz user-interface.
However, help may be on the way. He also revealed that he reported the flaw to Samsung at the end of last month and was assured by the company that it was working on a fix.
Check out his methods in the video below. Regardless of how worrying the flaw is for Samsung owners, it’s pretty darn impressive that Eden was able to a) discover this and b) execute it.
(YouTube)YEsdHs0-W-Y(/YouTube)
Via TechCrunch