Apple just had its own little embarrassment when an exploit was discovered that could allow an attacker to bypass a user’s lock screen and get limited access to the phone, though a fix has already been implemented in the latest iOS 6.1.3 beta. Now it’s Samsung’s turn to deal with similar fallout, after a new lock screen bypass was uncovered for its Galaxy series phones.
The impact here might be less than with the iOS vulnerability, but there are still a few reasons to be concerned. As per usual, emergency call settings are exploited, and after bringing up a user’s emergency contact list and pressing the home button, a user’s home screen can be briefly accessed.
It’s enough to see all the apps on your home screen, and you can even launch them, though the phone returns to the lock screen in a flash. More problematic is the case where you have a dialer widget on your home screen: an attacker would then be able to initiate a phone call.
This exploit has been confirmed on Galaxy Note II and Galaxy S III devices.