Lookout adds protection against Samsung Galaxy lock screen bypass flaw
We’re only three months into 2013, and we’ve already seen three reported security flaws that can bypass emergency calling features on smartphones to gain access to user data. Samsung’s Galaxy S III and Note II are the latest handsets to have their emergency bypass bugs exposed, after hackers uncovered a similar security flaw in the iPhone 5 in February. The flaws work regardless of how difficult your lock screen password is to guess.
Apple says a fix for the iPhone 5 is coming soon, but Samsung has yet to announce a patch for the bug on Galaxy S III and Note II devices. Users looking for a quick fix may not have to wait for the phone maker to take action, though. Mobile security provider Lookout recently added an update to its free Android app on Google Play that prevents malicious attackers from accessing Galaxy phones afflicted with the flaw.
Samsung’s security hassles started early last week when reports surfaced that you could use the Note II’s emergency call screen to briefly view home screen apps and make calls from the device’s contacts list. The limited attack required you to tap the emergency contacts icon while pressing the home key for a few seconds. Researchers uncovered a similar flaw for the Galaxy S III in February, according to our friends at CSO Australia.
But the security news got worse for the Galaxy S III. A few days after the Note II flaw came to light, a security mailing list member said you could gain full access to the S III using an attack similar to the one on the Note II. Once inside the emergency call screen on the Galaxy S III, an attacker has to tap the emergency contacts icon, then tap the home button once, followed by quickly pressing the device’s power button. If they get that combination right, hitting the power button again will bring up the home screen.
The Galaxy S III bug was publicized by Sean McMillan on the Full Disclosure security mailing list archived on Seclists.org; both ZDNet and The Verge were able to replicate the attack. You can find an example of the S III hack in action on YouTube. In the video, the attack worked, but you could not access the pull-down menus from the top of the device or the recent apps feature.
A malicious actor would have to get the timing just right to gain full access to the phone, so this may not be an easy attack to pull off if you leave your phone unattended for a few minutes. If your handset is stolen or lost, however, the bad guys would have more time to work on the bypass.
Lookout’s temporary “patch” for Note II and Galaxy S III devices works by monitoring the emergency contacts dialer. If someone attempts to “background” the dialer by pressing the emergency contacts icon, Lookout forces the dialer back to the foreground. This will supposedly prevent an attacker from using the security flaw to get into your phone. As a precaution, Lookout says the Galaxy S III Mini is also protected from the attack.
Samsung was unavailable for comment when we posted this article, so it’s not clear what the company plans to do about the security flaws. In a blog post, Lookout said Samsung should be releasing an update soon.