Advertisement

Galaxy Note II vulnerability lets attackers (briefly) access home screen apps (updated)

A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 may make that device less secure than you think when it's locked by a code or other method. He discovered that the homescreen can be accessed, albeit it just for a split second, by pressing the "Emergency Call" icon, then the ICE button and finally pressing the physical home key for several seconds. While brief, it's still enough time to click on any of your homescreen apps, which normally wouldn't present a problem since access goes away when the home page disappears again. However, if one of your apps is a "direct dial" widget, for instance, a call can actually be placed by a hacker, and many other programs that perform an action at launch could also leave the device vulnerable. We've confirmed the flaw on our own handsets and the individual who discovered it says that after reporting it five days ago, Samsung has yet to respond. We've reached out to the Korean company ourselves and will let you know about any further developments.

Update: Samsung's emailed us to say it's aware of the matter and is working on a fix (see below).

Samsung is aware of the consumer inquiries regarding the pattern lock feature embedded on some of the Galaxy devices and plans to provide a software update to address it as quickly as possible.