Tuesday, March 26, 2013

Mobile Security Update: Samsung Android Lock Screen Protection Bypassed

Samsung Unlock Vulnerability

My top story of the week is the alarming revelation that certain "locked" Samsung Android devices can be accessed and the screen lock mechanism can be completely bypassed.

This was revealed by Terence Eden on his blog: a technical vulnerability leaves the device functional for a split second between the use of the ‘emergency call’ function and the screen relocking itself.

You can see Terry access a locked device using this vulnerability in this video:

By repeating this process several times, an attacker can slowly but surely navigate within the menus and download any one of several ‘lock remover’ apps which are commonly available on the Google Play store.

Once the attacker has downloaded, installed and executed the unlocker app, the device is rendered completely open and can be used as normal. This can expose personal data, and the attacker can install malware or use the phone to dial premium rate numbers, leaving the owner with a hefty bill.

Samsung has yet to release an update for this vulnerability, but if you are worried that your phone might be affected, you can change some settings to help keep yourself protected. Take the following steps:

1. Go to your Settings
2. Select Developer Options
3. Click Window animation scale
4. Switch off

Also repeat the steps above for Transition animation scale and Animator duration scale. While this doesn’t fix the inherent problem, it does narrow the window of opportunity for any potential thieves until Samsung fixes the vulnerability.

Author: AVG’s Charlie Sanchez covers some of the week’s big mobile stories, all served up with a fresh slice of security. You can check out more of Charlie's work at AVG Blog or follow him on Twitter.