Yet another Samsung lockscreen hack identified

Mar 20, 2013
5
Yet another Samsung lockscreen hack identified

A new Samsung lockscreen hack has been identified, allowing unofficial access to PIN-secured Galaxy smartphones through a combination of keypresses and commands, though Samsung is apparently working on a software fix. The exploit relies on brief visibility of the phone's display, unlocked, after a failed emergency call placed from the lockscreen; though ponderous, you could use that access to download a screenlock disabler from the Google Play store.

The flaw was identified by Terrence Eden, who has something of a track record for spotting Samsung exploits. Earlier this month he found ways to bypass the lockscreen security on the Galaxy Note II, a hack which then prompted another researcher to come forward with a second hack, this time for the Galaxy S III.

Eden's latest discovery only allows for a brief period of interaction with the momentarily-unlocked phone at a time, but given sufficient access to repeat the process, it could allow for calls to be placed, apps downloaded, data viewed, or other illicit use to be made of the handset.

Eden says that he's been in communication with Samsung around the issue, and that the company will have a patch to address the loophole that it intends to release "shortly." He also offered to withhold an announcement of the exploit until that happened, something Eden says Samsung declined.

Until it's patched, however, there's no way to avoid the problem, bar removing Samsung's ROM and replacing it with a more standard Android installation. As ever, be careful who you leave your phone with.


Must Read Bits & Bytes