Slashdot Mirror


Security Flaw Bypasses AT&T Samsung Galaxy S II Screen Lock

zacharye writes "BGR has uncovered a security flaw on AT&T's version of the Samsung Galaxy S II that renders Android's unlock pattern feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device's lock screen."


  1. Common issue by Georules · Score: 3, Interesting

    This is a common issue with lockscreen replacements. "WidgetLocker Lockscreen" on the Android Market calls it the "5 second rule". You have to wait about 5 seconds after turning your screen off to turn it back on again if you want the replacement lockscreen to show instead of the default one. I'm not sure why it's not a standard application request to replace the lockscreen, except that it could potentially be a security problem if any application could just decide to override another lockscreen.

    1. Re:Common issue by stephanruby · Score: 3, Funny

      I'm surprised the Slashdot editors didn't write something like:

      "HTC Now Selling Unlocked Phones"

      "Now AT&T Upping the Ante by Selling Unlockable Phones!"

    2. Re:Common issue by pmontra · Score: 2

      Tested on a European SGS2 bought in May: it stays locked. Definitely a regression of the AT&T model.

  2. finger stain also shows unlock pattern by Anonymous Coward · Score: 2, Interesting

    I have an S2, and while the method described in TFA doesn't work on my S2 (maybe I'm just stupid, or maybe coz' mine isn't tied to AT&T, it's an unlocked one imported from elsewhere), I did notice if I look at the dark screen from an angle, my designated unlock pattern shows up clearly in the form of finger stain...

    1. Re:finger stain also shows unlock pattern by Emetophobe · Score: 2

      That happens on my Nexus S as well. That's why I switched to using a password lock.

  3. Flaw summary by __aaitqo8496 · Score: 4, Informative

    FTA: "If you have a PIN or an unlock pattern set, all you have to do in order to bypass it is simply tap the lock button to wake the display and then let the screen time out and go black. Tap the lock button again and lo and behold, the unlock screen is gone and the phone can be accessed with no PIN or pattern input whatsoever."

  4. Re:Security is hard by Microlith · Score: 2

    This is not open source, however. Stuff like this is developed entirely behind closed doors by Google, then by Samsung, then by Samsung in cooperation with AT&T, and the source for this is likely unavailable.

  5. Re:What unbranded phones for VZW or Sprint? by Dragonslicer · Score: 3, Informative

    And if by "branded" you meant "carrier-customized firmware", is there a way to buy a phone compatible with a non-AT&T U.S. carrier (that is, Verizon Wireless or Sprint) without buying it from the carrier?

    If you consider T-Mobile to still be "non-AT&T", they'll gladly sell you service for a phone that you already have. I think it's still $20/month cheaper, too.