Just what we need, another lock screen vulnerability.
A self-proclaimed mobile enthusiast discovered a security vulnerability in a Samsung Galaxy Note 2 that could give anyone access to a user's home screen, including making phone calls.
Terence Eden posted about the security loophole on his personal blog today, describing the method that can bypass pattern lock, PIN, passwords, and even face unlock.
To bypass a user's lock screen, someone can press the emergency call button followed by the "in case of emergency" icon on the bottom left of the keypad.
Then by holding the home button for a few seconds, the home screen will flash briefly before returning to the lock screen.
An inefficient flaw
It may be a somewhat small security flaw, since the home screen only flashes for less than a second, but Eden demonstrated that fast fingers can access any quick dial numbers a user may have set up on their home screen.
The method can also be used to launch apps on the user's home screen, though they'll only be visible for less than a second before returning to the lock screen with the app running in the background.
Though an inefficient method of hacking, a persistent attacker could access a user's calendar and contacts through this method.
The method was tested on a Samsung Galaxy Note 2 running Android 4.1.2 Jelly Bean. It's unknown if the security flaw is limited to the Note 2- Samsung's version of Android - or whether it's a wider issue in Android 4.1.2.
Eden said he contacted Samsung about his discovery, but said that after five days, he's yet to hear from the South Korean company. Maybe after today's public revelation, the firm will feel prompted to issue a response.
