Samsung phone vulnerability allows unauthorized access to apps

It looks like Apple's iPhone is not the only device with a lock screen security flaw that allows unauthorized access to some apps: so does rival Samsung's Galaxy Note II device.

 

Researcher Terence Eden said he found the flaw on the latest UK variant of the Galaxy Note II N7100, running Google's Android 4.1.2.

 

"Here's a rather nifty security flaw I discovered on Samsung's Android 4.1.2. It allows you - in limited circumstances - to run apps and dial numbers even when the device is locked," he said in a blog post.

 

He said the attack works against Pattern Lock, PIN, Password, and Face Unlock. "There is no way to secure your phone against your home screen being accessed," he said.

 

Eden said a user can activate the screen, press "Emergency Call," press the "ICE" button on the bottom left, hold down the physical home key for a few seconds and then release.

 

The phone's home screen will be displayed briefly, and one can click on an app or a widget, which will launch.

 

"It's true, this attack is of limited value. That's one of the reasons why I've disclosed it. Making a call relies on the phone having a direct dial widget on the home screen," he said.

 

Also, he said running the apps is also of limited use as they go into the background immediately.

 

But Eden pointed out there is also a privacy concern that an attacker could see what apps the owner has installed on the homescreen.

 

Eden noted Samsung does not have a dedicated responsible disclosure team or a bug bounty.

 

Tech site Engadget said it confirmed the flaw on its own handsets.

 

"We've reached out to the Korean company ourselves and will let you know about any further developments," it said. — TJD, GMA News