Apple had a tough time fixing the lock screen bypass bug that came along with its recent iOS 6.1 update and now, it's revealed that a similar bug allows hackers to bypass the lock screen on Samsung Galaxy S3 and Samsung Galaxy Note 2.
According to initial reports, the lock screen could be bypassed momentarily but now, it's found that the vulnerability allows hackers to break the lock screen on Galaxy S3 handsets completely. The bypass method was first brought on to the public notice by Terence Eden who discovered a bug with which one could briefly access the home screen on his Galaxy Note 2. This was shortly followed by a separate post on the Full Disclosure mailing list by another individual named Sean McMillian who detailed a variation on the original method that allows for full access to the Samsung device, ZD Net reports.
Testing the bug on three different Galaxy S3 devices, McMillian confirmed the bug and concluded that the issue is more of a Samsung's software related bug than a widespread Android issue. According to the new method, when followed correctly, it enables anyone to access the handset's home screen without having to correctly enter the lock screen and most importantly, it does not necessitate the attacker to enter the pattern, PIN, or other lock method in place once the bypass has been successfully used.
According to McMillion, if the hacker locks the screen and then unlocks it again instead of launching an application on the home screen, the vulnerability would allow full access to the phone. The folks at ZD Net claimed to have confirmed the complete bypass on Galaxy S3 running Android 4.1.2 while acknowledging that the timing to replicate the issue is very small and difficult to replicate at first. "Once bypassed, the bug appears to persist, even when the phone's screen is turned back off, no longer challenging the user for their PIN, password, or pattern," the report says. However, they were not able to completely bypass the lock screen on Galaxy Note 2 running Android 4.1.1.
Follow the below-given instructions provided by McMillian (via ZD Net) to verify if your device is vulnerable:
Step 1: On the code entry screen, press Emergency Call.
Step 2: Press Emergency Contacts.
Step 3: Press the Home button once.
Step 4: Just after pressing the Home button, press the power button quickly.
Step 5: If successful, pressing the power button again will bring you to the S3's home screen.
Check out the video below to see the original method by Eden (Via Engadget):
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.