Another Samsung lock screen security issue has come to light today, potentially allowing someone with physical access to a Jelly Bean-based Samsung phone to bypass a pattern or PIN lock. Brought to light by blogger Terrence Eden — who you may remember from his earlier Note 2 exploits — this one’s particularly impressive because of the clever array of tricks used to achieve the eventual unlock.
The method, demonstrated on a Galaxy Note 2 running Android 4.1.2, relies on the fact that returning from certain screens in the emergency dialer causes the previous app to be visible — and fully usable — for a split second. With precise timing and a bit of patience, it’s possible to use these windows of usability to load Google Play, use voice search to find a screen unlocker app (yep, those exist), and run it, thus removing the lock screen security.
So in order to use this in the real world, you’ll need a fair bit of time alone with someone’s phone, the ability to use voice search inconspicuously and the patience to correctly hit the required sequence of screen taps. Nevertheless, it’s an incredibly clever way of circumventing Samsung’s lock screen security, and Eden deserves credit for his ingenuity.
We’ve reached out to Samsung for comment on this issue, and we’ll update this post with any official response. In the meantime we’re not too worried about the real-world threats posed by this exploit, or any other that requires physical access to the phone for an extended period of time. Nevertheless, this is something that needs to be fixed.
We’ve got Terrence Eden’s original video demonstration after the break.