Galaxy Note 2 lock screen

Another Samsung lock screen bypass has come to light today, potentially allowing someone with physical access to a Jelly Bean-based Samsung phone to get past a pattern or PIN lock. It was reported by blogger Terrence Eden, who you may remember from his earlier Note 2 exploits, and this one is particularly impressive because of the clever chain of tricks used to achieve the eventual unlock.

The method, demonstrated on a Galaxy Note 2 running Android 4.1.2, relies on the fact that backing out of certain screens in the emergency dialer leaves the previously running app visible, and fully usable, for a split second before the lock screen reasserts itself. With precise timing and a bit of patience, it's possible to chain these brief windows together: open Google Play, use voice search to find a screen-unlocker app (yes, those exist), install it and run it, thus removing the lock screen security altogether. No password guessing and no exploit code are involved; the chain only needs the phone to be signed in to a Google account so that the Play Store will install apps, which is the normal state of a phone in daily use.

So in order to use this in the real world you'll need a fair bit of time alone with someone's phone, the ability to use voice search inconspicuously and the patience to correctly hit the required sequence of screen taps. Nevertheless, it's an incredibly clever way of circumventing Samsung's lock screen security, and Eden deserves credit for his ingenuity.

We've reached out to Samsung for comment on this issue, and we'll update this post with any official response. In the meantime we're not too worried about the real-world threat posed by this exploit, or any other that requires extended physical access to the phone. Nevertheless, this is something that needs to be fixed: a lock screen that can be tapped out of the way in a couple of minutes, with no secret needed, isn't doing its job, and the usual fallback of a remote wipe only helps if the owner notices the phone is gone first.

We've got Terrence Eden's original video demonstration after the break.

Source: YouTube; via: SlashGear


Reader comments

Samsung lock screen bypassed entirely with clever, meticulous trickery


If you give this a try you will see that there is a lot of careful timing involved, something the layperson cannot simply read about on a blog and recreate without a lot of practice. So yes, this is a problem, but if you are careful you already have a wipe mechanism in place which you can use if you suspect someone has come into possession of your phone, which will almost certainly take effect before they can fumble through this exploit.

Here's hoping Samsung comes up with an actual locking lock screen in an upcoming update, though. I have several Samsung devices (but have thankfully never lost one), so this is a worrying trend.

Careful and all, this looks very simple for a power user. I've had to do "careful" many times because of faulty software and other things; this is easy for the experienced Android nerd. Samsung needs to fix it ASAP. Maybe I should borrow a friend's phone and do a video showing just how fast I can do this.

Skins suck. Although Touchpiss is getting better at minimizing their skin, this just goes to show skinned phones suck. I wish all manufacturers would release one phone every year in their line up that was pure Android. Or just make all phones pure Android and make all the added software into apps on the phone that you can choose to use. And if they become popular, sell it in the Play Store for extra cash for the company to install on other phones and devices.

Nice, but this is not "another" security issue, it is the same one we had before.
Nothing has changed. This might be a different and clever way to use the open half-second problem, but the issue itself remains the same.

So let's not misinform shall we?

PS: You still have to have some empty space in your home screen for a shortcut to be created though, and have a Google Play shortcut on your home screen.

And have newly installed apps create an application shortcut. It needs to be the perfect storm of IFs for this to actually work.

I would guess about 99.9% of Android users have at least one empty spot on one of their homescreens. And creating a shortcut is the default behavior. Average users never change that. If a thief wants someone's data and is aware of this now highly publicized method, they are screwed unless they have security software AND can initiate a remote wipe before the thief does his thing.

It's a pretty serious flaw if you ask me. If I was in charge of deploying company smartphones for a business, Samsung sure as hell wouldn't be on the list of potential phones.

So you would knock iPhones off your list too, after they had the same vulnerability in the wild for over a month? That leaves you with Blackberry and Windows Phone. Good luck keeping your users happy, they are just going to ignore your silly trinkets and BYOD anyway.

NOT TRUE

Don't make claims about things you're clearly clueless about. You *can* access the app drawer during that brief gap. Sure it adds 2 steps (maybe 20 seconds) to the whole process but it's hardly a fix. The only ways to truly defend against this attack are to run a custom ROM, or disable Play Store with a passworded app locker.

You can, however, reduce the length of the "gap" by disabling all screen animations. Again, not a fix but makes it more difficult.

So let's not misinform shall we?

Nobody is really going to take the time to do this in the real world. People need to get over this nonsense.

This isn't for something just out on the street, but if I find someone's phone on the street or in an office, I can easily pocket it and find a nice place to sit there and use this exploit. It's much better than a normal reset from the recovery and gets literally all of a person's info.

Even if they have it, they may not realize their phone is missing / stolen until it's too late. This hack only takes a couple minutes.

Not that I steal, but this is all pointless. If I intended to, I would just:
Power off the phone. Take out the SIM. Google how to flash factory firmware, in this case with Odin. But then the owner can simply ask the carrier to blacklist the IMEI.

Unless you simply want to steal the phone for short term to put in some spying software, in that case you're a creep.

But Samsung phones seem to be vulnerable to too many of these exploits.

What part of this spreads FUD? He didn't over hype anything, it's factual and informative and no one forced you to read it.

The key is not to leave any space on your home screen for the shortcut to be installed. Without the icon on the home screen you can't launch the app and therefore can't disable the lock.

Problem solved!

What about not putting Google Play on your main home screen? Unless that dialing zero thing allows someone to navigate the whole UI.

A better solution would be disabling auto add shortcuts from the Play Store. No sense cluttering up your home screen if you don't need to.

You guys are missing the point. We can prevent this from happening to our phones, but we are in the 1%. The vast majority of users don't read AC and will just assume their data is safe when their phone is stolen if they had a pin lock on it.

You guys are also missing the point that you have *full* access to the phone during that 1 second gap. So you can get to the app drawer and launch Play Store (and No Lock) from there. Sure it adds 2 steps to the process but it's hardly a fix.

You can't have this on your screen and you gotta put this app over here in this folder. Why not just build it so it's secure?

Joebob, it's a great point about the wiping mechanism, but what happens if you're unable to access a PC to initiate that mechanism? 3 minutes to unlock and maybe 5-10 to copy any and all files is pretty quick.

So there's a guy spending his life trying to bypass lock screens? You can bypass mine by sliding your finger across the screen........

I am not terribly concerned that I will EVER cross paths with someone who is capable of this. Even if I did, there's very few things on my phone that I store that would be exceptionally valuable to him/her. Even if they got my credit card info, there's visa disputes and level changes that will fix the problem within a few hours. Congrats to him for wasting a heck of a lot of time but maybe there's more productive things he could do?

I think large companies have a lot more to lose than individuals. Invaluable trade secrets could be on an employee's phone.

This isn't a serious issue. Just disable auto-create shortcut, keep your home screen full, or leave the market off the home screen. Problem solved!

Sigh. Did you read any of the comments? With about 20 extra seconds he could open the app drawer, launch Google Play, do his stuff, open the app drawer, and open the unlock-disable app.

Geesh

This is phucking genius! I don't care if it's not practical in every day life, the problem is that it just simply shouldn't exist! Glad the exploit is known now!

I just spent the last 10 minutes trying this. If an old fart like me can figure it out in 10 minutes, I'm certain a teenager can do it in 2 minutes.

Got it to work exactly as described in the video. I do have the Play Store icon on my home screen, so it was kind of easy. Just need to have very fast fingers. :)

This is clearly a design flaw. Why did Samsung allow the home screen to be visible after exiting the emergency dial menu? That just makes absolutely no sense at all.

If we contact Samsung about this security issue, I doubt they'll listen to us. However, what if the big cheese at AndroidCentral contacts Samsung?

Thanks!

I would wager someone with enough time on their hands could get into any locked phone. It's obvious this person or persons go after the Samsung hardware. You could do that on any manufacturer's device. These people just have way too much time on their hands. If you keep important info in your phone as I do, install an auto-wipe app on the phone and keep all your important info backed up in a safe place so as not to lose it if you lose your phone. If you find your phone is missing, wipe it right away. I do not take any chances. Wipe the SOB.

Personally, I do not use a lock screen at all. In the settings menu I have already disabled the lock screen. In my opinion, I find having a lock screen simply annoying. I like to simply press the home button, wake the phone, and be ready to go with what I need (although for some strange reason my Sprint GN2, after the most recent update, seems to default to the multi-task screen instead of the homescreen?).

However, I do have an app titled "Application Protection" which I have associated with certain individual apps for protection. Apps such as all my financial apps (i.e. banking, mvelopes, square, paypal etc.), contacts, and Google Drive.

For my peace of mind this is more than adequate security.

That does not protect the data in the app, just opening the app itself. I could copy the database onto my phone, install the app, and it would have all your stuff.

Crazy idea here, but if your phone goes missing, can't you just reset your Google password and the phone will no longer be able to access the play store?

I see a lot of comments saying "what if...", "a lot of time has to be afforded to the would-be exploiter", blah blah blah. The point is: there is a security exploit which should NOT be there in the first place. Desperate people do desperate things.

Who cares.

If you are worried about security, or your phone, what are you going to do when Google Glass hits the streets?

Until Samsung comes up with an update, download Bkav Mobile Security and disable emergency calls / ICE. Should solve the problem. Tried it on my Note 2 and it works!

Girl at my workplace still has this problem with a password lock. Her phone was broken into twice and password disabled :-/ running 4.3 on Note 2...