Wednesday 20 March 2013
A security researcher has revealed a method for accessing applications running on a locked Samsung handset.
The flaw is somewhat similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.
Terence Eden, who discovered the flaw and posted a video on YouTube.
"I have discovered another security flaw in Samsung Android phones," Eden said in his blog post today. "It is possible to completely disable the lock screen and get access to any app -- even when the phone is 'securely' locked with a pattern, PIN, password, or face detection.
Eden has only tested the feature on a Galaxy Note 2 running Android 4.1.2, but believes it should work on other Samsung handsets.
