backtop

Print 21 comment(s) - last by Datcyde.. on Mar 11 at 2:49 AM
Five step hack allows you to easily avoid password on top Android smartphone

Apple, Inc. (AAPL) recently was heavily criticized when hackers discovered a complex process of presses allowed a potentially malicious user to circumvent the lock screen password.  The "hack" resembled a video game cheat and was quite intensive.

But apparently Apple wasn't the only one with this kind of vulnerability (or perhaps a backdoor firmware makers forgot to remove?).  With Android smartphones, Google Inc. (GOOG) typically allows Android phonemakers to make their own lockscreens.  Due to legal issues with Apple, and the desire to have distinctive GUIs, Android phonemakers have a variety of different software handling unlocking.

In Samsung's case, the proprietary lock-screen implementation on its best-selling flagship Galaxy S III is vulnerable to a similar hack.  The Full Disclosure mailing list, a popular hardware and software hacking email mailer, reveals the process as:

1) On the code entry screen press Emergency Call
2) Then press Emergency Contacts
3) Press the Home button once
4) Just after pressing the Home button press the power button quickly
5) If successful, pressing the power button again will bring you to the S3′s home screen
 

 
Looks like for now Samsung owners might want to avoid hurling criticism at Apple for its similar backdoor.

Source: Full Disclosure


Comments     Threshold


This article is over a month old, voting and posting comments is disabled
doesn't work all the time
By orgy08 on 3/7/2013 3:22:04 PM , Rating: 3
I saw this before, I've done it over 20 times myself and haven't gotten it to work. I saw it somewhere else where the editor tried to get it on video, but it took over 100 times before being succesful (and didnt catch it on video).




RE: doesn't work all the time
By Kharadmon on 3/7/2013 3:35:50 PM , Rating: 2
I've just tried this on my phone and can't replicate it.
It's possible that as I've enabled the option to have the power button lock the screen automatically it stops the exploit (or it could be I'm using a Samsung based custom ROM).

Settings->Lock Screen then enable "Lock instantly with power key".
If you want to set security on your phone why not enable this as well.


RE: doesn't work all the time
By orgy08 on 3/7/2013 4:02:38 PM , Rating: 2
Mine is set to 5 seconds. I changed it to 1 minute and still can't replicated it. I am using stock with root access.


RE: doesn't work all the time
By cyberguyz on 3/7/2013 4:01:11 PM , Rating: 2
Running Android 4.2.1 (Frankenstein Samsung leak) on mine and it does not happen for me.

I wonder if this is only ann issue on certain versions of Android.


RE: doesn't work all the time
By Samus on 3/7/2013 11:42:54 PM , Rating: 2
I'm running 4.1.2 (MA6) and can't replicate it, either. What is this hack for? An out-of-box phone with no OTA updates installed?

btw I suspect if you disabled emergency contact's...even if this back worked it'd 'fix' the issue.


By TakinYourPoints on 3/8/2013 5:54:35 AM , Rating: 2
I have no idea how people figure this out on their own. Both the Apple and Galaxy bypasses are so convoluted and obscure.


RE: doesn't work all the time
By bodar on 3/8/2013 7:36:43 AM , Rating: 2
This guy seems to be able to pull it off though it took MANY tries on pattern lock (not so much with PIN) -- https://www.youtube.com/watch?v=CEIZXRfnR1c


RE: doesn't work all the time
By Felthis on 3/8/2013 9:01:46 AM , Rating: 2
I was able to replicate it on my S3 just now. It took about 15 times, but it did work. My usage scenario: power button doesn't lock screen, screen timeout = 1 min, and lock timeout = max, numeric lock.

The second time took about 100 tries :)
In both cases you have almost full access to the phone. The only thing is you can't swipe down the info bar at the top. I'm assuming that's because the bar is still set to the lock mode.


Unlock..
By Daemia on 3/7/2013 2:42:54 PM , Rating: 4
Sheeesh!!! All you had to do was swipe to the right to unlock the phone.. :|




RE: Unlock..
By Nortel on 3/7/2013 2:49:06 PM , Rating: 1
I don't know of any businesses using Android phones but those whom do won't be too pleased at this simply bypass security bypass.

BTW, contacts can be accessed even with the phone locked? That is a huge security issue right there.


RE: Unlock..
By Newspapercrane on 3/7/2013 3:29:05 PM , Rating: 2
You are able to add certain contacts to the "Emergency Contacts" group. You may choose to use, or not use this feature.


RE: Unlock..
By Trisped on 3/7/2013 6:23:34 PM , Rating: 2
Emergency contacts is a limited list of contacts. It probably does not even show the phone number.

There are a number of advantages, like if you are found passed out on the street they can call your emergency contact to get your medical history and to let them know what happened to you.

Also, if you find a lost phone you can call the emergency contact and tell them where they can pick it up at.


Cannot replicate on the International version
By Cront on 3/7/2013 4:53:21 PM , Rating: 2
Maybe this works on the Verizon version, 4G version or another varient but I cannot replicate this on the 3G International version despite trying different lock screen configurations.




By Cheesew1z69 on 3/7/2013 4:58:27 PM , Rating: 2
I just tried on the V version, couldn't do it. When it says to press the home button after opening the emergency contacts, then hit the power button, it just shuts off my screen?


Works on my phone
By Bustin on 3/8/2013 1:41:29 PM , Rating: 2
I've got it to work twice now. I had to reboot in order for the lock screen to even work again.

Don't press the power button directly after the home. Wait just a brief second, almost as the background to your home screen comes up.




RE: Works on my phone
By jjlj on 3/10/2013 1:16:48 PM , Rating: 2
I was able to do it on my wifes stock unmoded tmo s3. The lock screen is totally disabled until a reboot is done.

I have a vzw s3 running cleanrom 5.6 and I can see the home screen flash but it always remains locked. I am also connected to exchange so maybe that has something to do with it locking?

Crazy stuff!


Backdoor..
By Daemia on 3/7/2013 3:31:48 PM , Rating: 2
So somebody found the backdoor or rather leaked it to the public. Big deal..They'll plug that and make another one..




Hmm
By SlyNine on 3/7/2013 6:19:56 PM , Rating: 2
Tried it several times and it doesn't work on mine.




Lock screen is a failure :(
By mclovin2 on 3/8/2013 7:49:18 PM , Rating: 2
Unfortunately this works, I am a massive anti-apple person, and can't stand the icrap stuff. Love my GS3 and am waiting on the edge of my seat for the S4 to come out. However just tried this with my phone and it works. once your on the emergency contact list, hit the home button, you will see the home screen before the phone locks itself again. What your meant to do is hit the lock button as soon as that home screen shows. Between my pressing the home button and the lock screen there was an approximate 1 second wait. took me 4 attempts until it worked. Good news however, the phone seems to have learnt as I am unable to re-do it. I've been going for 10 minutes so far and haven't been able to do it a second time. I reset the phone, and still am unable to re-do it.




It Works!!!
By Datcyde on 3/11/2013 2:49:58 AM , Rating: 2
Just did it and it works. Its all about timing. Watch your phones people!!!




Mobile apps vulnerability
"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller











botimage
Copyright 2013 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki