Wednesday, March 06, 2013

Lock screen bypass of Samsung Android phones allows full access to device

Following an earlier claim that the lock screen in the Galaxy Note II running 4.1.2 can be bypassed -- but only to the point of seeing what is on a home screen, direct dialing, and launching apps (which immediately go into the background, though) -- a new bypass was discovered on Wednesday, one that Sean McMillian said could allow complete access to the phone.

Sean McMillian's bypass is somewhat of a variation on the method that the original discoverer of the bug, Terence Eden, used to briefly access the home screen on his Galaxy Note II. In McMillian's case, he tested the bug on three different Galaxy S IIIs. Notably, he was using the international version (GT-I9300) running 4.1.2.

For those wanting to verify the scenario themselves, it is as follows. Notably, timing is important, and even McMillian, who obviously tried it repeatedly, admitted it sometimes took as many as 20 tries to "break into" the device.
  • On the code entry screen, press Emergency Call
  • Press Emergency Contacts
  • Press the Home button once
  • Just after pressing the Home button, press the power button quickly
  • If successful, pressing the power button again will bring you to the home screen

We were able to replicate the issue on an international Galaxy S III running 4.1.2. We were not able to replicate the issue on a Verizon Galaxy S III running 4.1.1. However, we were able to replicate the original bug, discovered by Eden.

Interestingly, once the lock screen is bypassed, the bug appears to persist, so that when the phone's screen is turned back off, the phone will not re-challenge a user for a PIN, password, or pattern.

The flaw comes shortly after it was revealed that the lock screen in iOS 6.1 can be completely bypassed, again using the emergency call feature. Just as with the Galaxy S III, timing is critical in the iOS bypass, but even if you can get the exploit to work, you can only view and modify contacts, listen to voicemail, and browse your photos (by attempting to add a photo to the aforementioned contact list). Full access to the device is not allowed.
