Skip to content

Samsung Galaxy Note 2 – Unauthorized access to apps caused by vulnerability

2013 March 5

From what we are hearing recently, it appears like the iPhone is not the only device that is said to come in with lock screen security flaw. The bad news is, the said flaw allows unauthorized access to some apps. Now, according to recent reports, Apple’s biggest rival Samsung and its Galaxy Note 2 is experiencing the same problem. note_2323527b

It was Terence Eden (a researcher) who found the flaw on the latest Samsung Galaxy Note 2 N7100 UK variant (running on Google’s Android 4.1.2 Jelly Bean OS).

According to his blog post: “Here’s a rather nifty security flaw I discovered on Samsung’s Android 4.1.2. It allows you – in limited circumstances – to run apps and dial numbers even when the device is locked.”

Eden said that the attack works against Pattern Lock, PIN, Password, and Face Unlock.

“There is no way to secure your phone against your homescreen being accessed.”

He also added that a user can activate your phone’s screen, press “Emergency Call”, press the “ICE” button on the phone’s bottom left, hold down the physical home key for a couple of seconds and then release.

The device’s home screen will be displayed briefly and one can easily click on an app or widget (which in turn will launch).

Eden said: “It’s true, this attack is of limited value. That’s one of the reasons why I’ve disclosed it. Making a call relies on the phone having a direct dial widget on the home screen.”

In addition, he said running the apps are also of limited use as they go into the background immediately. Eden also pointed out that there is a privacy concern that an attacker could see what apps the phone’s owner has installed on its homescreen. According to Eden, Samsung does not have a dedicated responsible disclosure team or a bug bounty.

For more Samsung Galaxy Note best deals, visit us at Phoneslimited.co.uk.

No comments yet

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS

This website is in no way associated with Samsung Mobile and all trademarks are the property of their respective owners.
  • venesection