Samsung lock screen flaw found; company working on fix

From CNET News.com: A security researcher has revealed a method for accessing applications running on a locked Samsung handset.

The flaw is somewhat similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, a user can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand gain access to any app or widget, or to the settings menu on the device. The dialer can also be launched, allowing the "hacker" to place a call.

According to Terence Eden, who discovered the flaw and posted a video on YouTube showing it in action, the technique is only possible on Samsung's version of Android, and not on the stock Android that Google releases. Eden has only tested the technique on a Galaxy Note II running Android 4.1.2, but believes it should work on other Samsung handsets.

Eden says that he contacted Samsung in February about the flaw and the company told him that it is working on a fix. Eden offered to delay publication of the flaw until Samsung had a fix, but the company "declined this offer."

The discovery by Eden follows a similar flaw in iOS 6.1 that allowed hackers to place calls and access the phone app in Apple's software. That also required users to take advantage of the emergency-calling feature. Yesterday, Apple released iOS 6.1.3, which included a fix for the lock screen bug.
