Remember that nasty little iOS 6 lockscreen bug that let hackers access apps on any iPhone with a few smooth moves? Well, fresh on the heels of yesterday’s iOS update that squashed the problem, another security researcher has found a similar issue on Samsung’s Android smartphones.
Terence Eden claims to have found a flaw that lets hackers access a phone’s apps, dialer and widgets even if it’s been locked with a password, PIN, or other security measure.
Just like the iOS flaw, the Samsung security hole seems to involve the emergency dialer. For a brief moment after the emergency dialer is closed, there is a window of opportunity for a hacker to launch apps or place calls. Eden says that he discovered the flaw and contacted Samsung about it in February, but the company declined his offer to hold off publication until they had a fix.
He also discovered an earlier flaw that also involved the Emergency Dialer, in which the user presses a few various parts of the screen at the same time to gain access to the home screen. Both flaws are very similar, but Samsung is aware of both and currently working on a fix for this problem.
The latest security flaw is not present in other Android builds, but seems to only occur on Samsung’s modified version of Android 4.1.2. The flaw has been spotted on both the Galaxy Note II and Galaxy S III, but could also extend to other devices. We’ve asked Samsung about which devices specifically are affected, but haven’t heard back yet.
For those interested in checking out the hack, Eden posts instructions on how to access a home screen on a locked Android Samsung phone here. He also explains that the only fix is to load a different ROM onto the phone, which can be tricky.
Considering that the Galaxy line is one of Samsung’s top-selling lines, including both the S series and Note series, this security hole is quite possibly in your pocket at this very second, so be safe out there.