Print 21 comment(s) - last by Datcyde.. on Mar 11 at 2:49 AM

Five step hack allows you to easily avoid password on top Android smartphone

Apple, Inc. (AAPL) recently was heavily criticized when hackers discovered a complex process of presses allowed a potentially malicious user to circumvent the lock screen password.  The "hack" resembled a video game cheat and was quite intensive.

But apparently Apple wasn't the only one with this kind of vulnerability (or perhaps a backdoor firmware makers forgot to remove?).  With Android smartphones, Google Inc. (GOOG) typically allows Android phonemakers to make their own lockscreens.  Due to legal issues with Apple, and the desire to have distinctive GUIs, Android phonemakers have a variety of different software handling unlocking.

In Samsung's case, the proprietary lock-screen implementation on its best-selling flagship Galaxy S III is vulnerable to a similar hack.  The Full Disclosure mailing list, a popular hardware and software hacking email mailer, reveals the process as:

1) On the code entry screen press Emergency Call
2) Then press Emergency Contacts
3) Press the Home button once
4) Just after pressing the Home button press the power button quickly
5) If successful, pressing the power button again will bring you to the S3′s home screen

Looks like for now Samsung owners might want to avoid hurling criticism at Apple for its similar backdoor.

Source: Full Disclosure

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

doesn't work all the time
By orgy08 on 3/7/2013 3:22:04 PM , Rating: 3
I saw this before, I've done it over 20 times myself and haven't gotten it to work. I saw it somewhere else where the editor tried to get it on video, but it took over 100 times before being succesful (and didnt catch it on video).

RE: doesn't work all the time
By Kharadmon on 3/7/2013 3:35:50 PM , Rating: 2
I've just tried this on my phone and can't replicate it.
It's possible that as I've enabled the option to have the power button lock the screen automatically it stops the exploit (or it could be I'm using a Samsung based custom ROM).

Settings->Lock Screen then enable "Lock instantly with power key".
If you want to set security on your phone why not enable this as well.

RE: doesn't work all the time
By orgy08 on 3/7/2013 4:02:38 PM , Rating: 2
Mine is set to 5 seconds. I changed it to 1 minute and still can't replicated it. I am using stock with root access.

RE: doesn't work all the time
By cyberguyz on 3/7/2013 4:01:11 PM , Rating: 2
Running Android 4.2.1 (Frankenstein Samsung leak) on mine and it does not happen for me.

I wonder if this is only ann issue on certain versions of Android.

RE: doesn't work all the time
By Samus on 3/7/2013 11:42:54 PM , Rating: 2
I'm running 4.1.2 (MA6) and can't replicate it, either. What is this hack for? An out-of-box phone with no OTA updates installed?

btw I suspect if you disabled emergency contact's...even if this back worked it'd 'fix' the issue.

By TakinYourPoints on 3/8/2013 5:54:35 AM , Rating: 2
I have no idea how people figure this out on their own. Both the Apple and Galaxy bypasses are so convoluted and obscure.

RE: doesn't work all the time
By bodar on 3/8/2013 7:36:43 AM , Rating: 2
This guy seems to be able to pull it off though it took MANY tries on pattern lock (not so much with PIN) --

RE: doesn't work all the time
By Felthis on 3/8/2013 9:01:46 AM , Rating: 2
I was able to replicate it on my S3 just now. It took about 15 times, but it did work. My usage scenario: power button doesn't lock screen, screen timeout = 1 min, and lock timeout = max, numeric lock.

The second time took about 100 tries :)
In both cases you have almost full access to the phone. The only thing is you can't swipe down the info bar at the top. I'm assuming that's because the bar is still set to the lock mode.

“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki