It seems Samsung has to follow suit with almost everything Apple does. We have already seen a couple of ways to bypass the lockscreen on any iDevice running iOS 6.1, and after it was revealed yesterday that the Galaxy Note 2's lockscreen can be briefly bypassed to access the home screen, a major bug has now been found on Samsung’s flagship, the Galaxy S3.
An S3 owner claims that the bug allows full access to the device. Security newsletter Full Disclosure's Sean McMillian has posted a variation of the method used to bypass the Note 2's lockscreen to defeat the Galaxy S3's security system. Instead of launching an application on the home screen, which was possible through the earlier bug, McMillian detailed how an attacker could access everything on the phone by simply locking the screen and then unlocking it again.
Keep your friends close, and your S3 closer!
McMillian tested the hack on three separate Galaxy S3 handsets, and the bug was present in all cases. He also said the issue is likely related to Samsung's TouchWiz UI rather than a widespread Android security problem.
For those who would like to verify this hack, here are the steps as detailed in the Full Disclosure mailer:
- On the lockscreen with the passcode, PIN or pattern unlock enabled, press Emergency Call
- Press Emergency Contacts
- Press the Home button once
- Just after pressing the Home button, quickly mash the power or lock/unlock button
- If successful, pressing the power or lock/unlock button again will bring you to the Galaxy S3's home screen
McMillian said that the number of attempts it takes to perform this hack varies from device to device. McMillian’s Galaxy S3 units were running Android 4.1.2 Jelly Bean with kernel version 3.031-742798.
ZDNet reports that the problem persisted on their test Galaxy S3 unit even after the phone's screen was locked again. Their phone did not present the user with the lockscreen with the PIN, password, or pattern unlock challenge. Instead, it simply unlocked directly to the home screen.
The flaw comes shortly after it was revealed that the lockscreen on iOS 6.1 devices could be bypassed using the emergency call feature. Apple has yet to issue a global 6.1.3 update for iOS, which purportedly fixes the issue; the update is still in the works, and the company has rolled it out to developers.
Published Date: Mar 07, 2013 10:45 am | Updated Date: Mar 07, 2013 10:45 am