Over the last month or so, hacks that bypass the lockscreen on some Samsung smartphones have been identified. Another lockscreen bypass has now been identified that gives unauthorized users access to PIN-secured Galaxy smartphones. The exploit uses a combination of key presses and commands to bypass the lockscreen.
This new exploit works only under a specific set of circumstances. It reportedly relies on the phone display being briefly visible after a failed emergency call is placed from the lock screen. The hack was unveiled by Terrence Eden, who has discovered Samsung exploits in the past. In fact, Eden was responsible for discovering the security flaw that allowed users to bypass the home screen on the GALAXY Note II earlier this month.
This new lockscreen bypass allows the nefarious user to interact with the phone only briefly. However, given enough time to repeat the process, a nefarious user could take advantage of this bypass to place calls, download apps, view data, and perform other tasks.
Samsung has promised a software patch to fix this issue at some point in the future. However, those who are highly security-sensitive have no recourse to block this particular vulnerability aside from installing their own custom ROM on their device. Interestingly, Eden says that he offered not to publish details of the vulnerability until Samsung issued a patch, and Samsung declined.
[via SlashGear]
Samsung and their lockscreens smh