Android users beware: There's a new vulnerability in Samsung devices running Android version 4.1.2. While the flaw's scope is fairly limited, it could prove dangerous to those whose apps aren’t password-protected.
The Android glitch allows hackers to circumvent the lock screen, run apps and access contacts without ever having to enter a password or PIN or use Face Unlock mechanisms.
The Samsung software update that permits this bypass is only beginning to be pushed out by U.S. carriers, but has been available in other parts of the world for several weeks.
British mobile-phone expert Terence Eden posted a video yesterday (March 4) demonstrating how the hack works on a Samsung Galaxy Note II.
The user has to hit the "Emergency Call" button, then the "ICE," or "in case of emergency," button on the bottom left of the screen in the Samsung dialer interface.
The unlocked home screen will briefly appear. If the user presses and holds the home button for several seconds, Eden shows, he will have access to the apps that appear on the home screen.
Eden also explained on his personal blog that a hacker who uses this trick won’t necessarily be able to make calls.
The glitch only allows unauthorized access to apps installed on the home screen that perform actions upon launch, such as the microphone, camera or Web browser.
However, Eden warns that an unauthorized user might be able to gain access to widgets, such as those for calendar appointments and email alerts, if the launcher in use on the device is set up in such a way that repeatedly pressing the home button allows access to other subscreens.
TechNewsDaily was unable to duplicate the flaw on a Galaxy Note II running Android 4.1.1, a slightly older version of the operating system.
Nor does it work on a Samsung Galaxy Nexus running Android 4.2.1. Unlike most Samsung Android devices, the Galaxy Nexus runs a "pure" Google version of Android and has none of the Samsung add-on software that Eden exploits.
Android 4.1.2 for Samsung-branded phones began to roll out this week to Verizon Wireless customers in the U.S., and no other American carrier has deployed it yet.
Lockscreen bypasses are fairly common flaws in the smartphone world; one was found just last month for the Apple iPhone 5.
To protect your Samsung device against this glitch, Eden suggested that device owners remove direct-launch widgets from their home screens and make sure that any apps with access to sensitive information, such as credit-card numbers, are password-protected.