Galaxy S II

We love to think that once we set a pattern lock -- or any sort of lock -- on our beloved Android device that our information is safe, right? Well, the guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it can quite simply be bypassed.

All you have to do to get around this is wake the device using the lock key, then let the screen time out, then wake it again with the lock key and you can access all the data. We have seen similar issues with Samsung in the past on the Fascinate, so maybe it is time they take a step back from all the added customizations. We can confirm that it happens on our review unit of the AT&T version, but the Sprint version does not suffer from the same issue.

Note that this indeed is a problem with all of the included locking mechanisms -- pattern, pin and password.

Hit the break check out a quick video of it in action and the official response from Samsung

Source: BGR

 

Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.

Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.

 

Reader comments

Major security flaw found in AT&T's upcoming Samsung Galaxy S II device [updated]

27 Comments

Wow, that's nasty. Then again, you can hold the phone at an angle and look for the swipe trail to unlock most others without this bug.

Does it work the same for the PIN unlock?

Only if the person using the phone doesn't do anything else after the unlock. The chance of that is pretty slim if you just pick up a random phone. If you want to f with a friend, then its easier as you can clean the screen, have him unlock it and check the smudge pattern.

How in god's name did this happen?

If it works on one SII, why would it fail with a different one?
What would the do on an AT&T version that they don't do for others?

And how did they get in front of basic Android Functionality like the lock screen?

This doesn't happen with ALL android devices (just tried m LG Optimus V with CM7 ROM), and it stays pattern locked. So either AT&T or Samsung did something wrong here. This confirms my theory, the more bare Android, the better.

Dear ATT,

Stop f'ing with Android devices to make your Cr'Apple phones look better. Once again Apple fell behind the innovations and you and your half-baked network are scrambling to make it better. Maybe you should go back to carrying the iPhone exclusively. While you're at it, stop selling Android phones too. Blocking sideloading and hindering the capabilities of Android devices is a shady practice. Spend more money on the network and less on screwing your customers!

You give AT&T far too much credit.

They have no one competent to make any changes in Android on any device. They hire this work done by the manufacturer.

This babe lies directly at Samsung's door step. It isn't the first phone they screwed up.

For once AT&T is blameless, if only by virtue of being clueless.

I'm invoking Hanlon's razor here.

PRETTY sad how apple is doing anything they can to bring down samsung even using At&t should've been expected. Apple is so sad and so is at&t

I knew you were stupid, but I had no idea you were THIS stupid. Did you even bother reading the article? It has absolutely nothing to do with Apple. Not one bit. Apple isn't mentioned anywhere but in the comments section by idiots like you. TRY reading the article for once in your life. You might grasp the situation better. "PRETTY sad how" much of a moron you are.

I think a screen lock gives too many people a false sense of security. You have a mobile computing unit in your hand. Much like the computer you have at home (or in your backpack), it is prone to snoops and thieves. No manner of barrier you put up to prevent information from being obtained from your device will shield it 100%. If someone out there is desperate enough or just plain bored enough that they want to gain access to your computing device (hello PSN?!), it'll be done.
I see this as a minor thing that I'm sure Samsung will fix in some update, but putting your eggs in the basket of the lock screen is simply not wise.
/2cents.

This is why Samsung should stop being a proud creature and spending so much time on TouchWiz. Sure, it's neat, but for the average consumer, if all manufacturers ran the basic interface that Google provided with the Android code, people wouldn't have to learn a new Android phone after using their last one. Not only that, but as you can see, a manufacturer messed with standard Android code and messed something up in the process. AOSP. Nuff said.

Seems to be an issue with 2.3.5...just tried it on my European gs2 which has same issue sadly

There is an even bigger security flaw on all phones using pattern locking. Cubfan mentioned it. Hold the phone at an angle and the smudge pattern is usually obvious. I've seen it on my phone. The smudge is obvious because most actions after unlocking the phone are touches, not swipes. I use a pin now. I used to use my fingerprint reader, but it was only 25% usable most of the time (buggy Atrix).

You can use an app from the market like missed message flasher. It will quickly flash the screen on then off. I haven't used it personally but would look to something like that if I had a phone without a light. There is also an intriguing looking app called NoLed that will flash a simple icon on your screen like a mail envelope or whatever. Looks kind of neat. Probably really looks good on super amoled screens due to their nice black levels.

Now we will see how long it takes Samsung to support updates on their new devices. Hope it's better than the Samsung updates of the past.

The myTouch 4G did something like this. But you have to had entered the unlock pattern then let it timeout. Once you hit the power button again it would just unlock.