Summary: Another day, another lock screen flaw. Some Samsung devices running Android 4.1.2 can allow a 'total bypass' of the device's lock screen.
Another security flaw has been discovered on some Samsung phones that allows complete access to a device.
Discovered by the same mobile enthusiast as the previous flaw, Terence Eden warns that this new bug could allow users to bypass the lock screen entirely through the use of third-party apps.
This affects pattern unlocks, PIN code screens, and face detection security.
The flaw was tested on a Samsung Galaxy Note II running Android 4.1.2 as before — but it does not appear to exist on stock Android from Google, suggesting this is limited to Samsung phones only. This flaw may exist in other Android phones, notably Samsung devices, and users and IT managers alike should test their devices immediately.
The method involves much of the same steps as before, and involves having direct access to the device. Also, the methodology may include repeating some steps, so by far this is not an easy way to gain unauthorized access to a Samsung device.
From the lock screen, an attacker can enter a fake emergency number to call which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disables the lock screen altogether.
From there, the device is left wide open.
Eden said that he disclosed this to Samsung in late February, but unlike last time, the Korean giant responded. A software fix to this lock screen bypass will be "released shortly," according to Eden.
It comes only a few weeks after a similar flaw was discovered in the lock screen of Apple's iPhone in iOS 6.1. This was fixed on March 19, more than a month after it was first discovered. Samsung did not fix the original lock screen bug, leaving millions of devices potentially at risk from privacy invasion. More worryingly, now a similar flaw can open up the device completely.
For now, only a third-party ROM can prevent such attacks. According to Eden, one software ROM designed for the Galaxy S III claims to have fixed the problem.
Courtesy zdnet
تیری انگلیاں میرے جسم میںیونہی لمس بن کے گڑی رہیں
کف کوزه گر میری مان لےمجھے چاک سے نہ اتارنا
thanks for sharing
shukur k me pas samsung ni
Thanks for inform
Nice sharing
me pass Samsang Galaxy Note 2 hai lekin jo yeh keh rhay hain as such mere pass tu kuch nhi hua
Sun Yaara Sunn Yaara
Tere IshQ Daa Cholaa Paaya
ahaan interesting sharing hai
28
15) informative hai aur na samsung b achi ja rahi hai
46. aisa b hota hay, khair s3 k liye fix kar liya acha hay
ღ∞ ι ωιll αlωαуѕ ¢нσσѕє уσυ ∞ღ
3.nice info main sumsung use nhe karti