Samsung Galaxy security vulnerability unlocks homescreen


If you’re nimble enough, you can get past the Galaxy Note 2’s lock screen.

And PIN. And password. And face unlock.

Terence Eden recently discovered the minor security vulnerability in Samsung’s Note 2 smartphone-tablet hybrid.

galaxy note 2Much like the iPhone passcode hack from last week, this Galaxy glitch involves lightning-fast reflexes and a cancelled call to emergency services.

Given that the attack is of limited value, Eden provides full instructions on how to exploit it.

If you follow his instructions, which we hope you don’t, given that this attack once again relies on placing bogus emergency calls, you can run apps and dial numbers on phones – even if they’re locked with a pattern lock, PIN, password, or face unlock.

According to Eden – a mobile enthusiast who has written for Naked Security in the past – there’s no way to protect your phone against being accessed in this manner, so it’s perhaps wise to keep your gadget away from people with good reflexes.

This is a low-level threat, he writes, given that an attacker can only put through a call on a targeted Galaxy if it has a direct dial widget on the home screen.

It sounds like the threat of an attacker running a Galaxy’s apps is low, as well, given that any launched apps immediately zip into the background, Eden says.

But if the app performs an action on launch, such as recording with the Galaxy microphone, switching on flash, playing music or interacting with a server, an attacker can use this exploit to trigger such actions.

Eden provided this list of options to secure against the attack:

  • Do not use direct dial widgets on your homescreen.
  • Remove any calendar or email widgets which may show sensitive information from your homescreens.
  • Ensure that any apps which you do have on your homescreens do not automatically cost you money or act maliciously when launched.
  • Use an app locker to prompt for a password when apps are launched.
  • Changing to a different launcher will not protect you.
  • Using a 3rd party lock screen will not protect you if it accesses the emergency dialer.

With regards to getting a response from Samsung, Eden hasn’t had any luck.

Unfortunately, the company has restricted its bug bounty program to TVs.

Regardless of your opinion about whether paying for bugs helps improve your products’ risk profile or encourages otherwise disinterested people to hack them, there’s one thing you can say about bug bounty programs: at least you get a clear path to responsible disclosure.

But given that Samsung has recent experience with hacked TVs that allow intruders to watch you, change channels or plug in malware, perhaps it’s not surprising that its eyes are, apparently, glued to the tube.

Phone burglar image from Shutterstock