Samsung Galaxy S3 bug allows full phone access
You might have heard about a vulnerability in several builds of iOS 6 that lets you bypass the lockscreen without entering a passcode. A bug was also recently found on Samsung’s Galaxy Note2 that allows you to launch anything immediately behind the lock screen. And now, it’s the Galaxy S3 which contains the same security flaw. So it won’t be wrong to state that the issue lies within Samsung’s own software overlay.
According to an S3 owner, the bug allows full access to the device.
Tech2 reports:
According to an S3 owner, the bug allows full access to the device.
Tech2 reports:
Security newsletter Full Disclosure's Sean McMillian has posted a variation of the method used to bypass the Note 2's lockscreen to defeat the Galaxy S3's security system. Instead of launching an application on the home screen, which was possible through the earlier bug, McMillian detailed how an attacker could access everything on the phone by simply locking the screen and then unlocking it again.
McMillian tested the hack on three separate Galaxy S3 handsets (runningAndroid 4.1.2 Jelly Bean with kernel version 3.031-742798) and the bug was prevalent in all cases. He also said the issue is likely related to Samsung's TouchWiz UI, rather than a widespread Android security problem.
The Full Disclosure mailer details the steps for verifying this hack:
1. On the lockscreen with the passcode, PIN or pattern unlock enabled, press Emergency Call
2. Press Emergency Contacts
3. Press the Home button once
4. Just after pressing the Home button, quickly mash the power or lock/unlock button
5. If successful, pressing the power or lock/unlock button again will bring you to the Galaxy S3's home screen
The number of attempts it takes to perform this hack varies from device to device.
Samsung, on the other hand, has confirmed a fix is indeed on its way, saying: “Samsung considers user privacy and the security of user data its top priority. We are aware of this issue and will release a fix at the earliest possibility.”
2. Press Emergency Contacts
3. Press the Home button once
4. Just after pressing the Home button, quickly mash the power or lock/unlock button
5. If successful, pressing the power or lock/unlock button again will bring you to the Galaxy S3's home screen
The number of attempts it takes to perform this hack varies from device to device.
Samsung, on the other hand, has confirmed a fix is indeed on its way, saying: “Samsung considers user privacy and the security of user data its top priority. We are aware of this issue and will release a fix at the earliest possibility.”