Major security flaw lets anyone bypass AT&T Samsung Galaxy S II security [updated]
By Jonathan S. Geller on 30-Sep-2011
BGR has uncovered a major security flaw on AT&T’s version of the Samsung Galaxy S II that renders Android’s security lock feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected. Hit the break for details on the flaw.
If you have a PIN or an unlock pattern set, all you have to do in order to bypass it is simply tap the lock button to wake the display and then let the screen time out and go black. Tap the lock button again and, lo and behold, the unlock screen is gone and the phone can be accessed with no PIN or pattern input whatsoever.
This security workaround exists as long as the phone has been successfully unlocked using the proper pattern or PIN at least one time, so the lock cannot be bypassed immediately after the device is powered on. Of course the first thing a user does after powering on a phone is unlock it, so lost and unattended devices are at risk unless they have been powered off since last being used. Of note, users with Microsoft Exchange security policies don’t seem to be affected.
A Samsung spokesperson responded to BGR’s inquiry, stating that the company is investigating the possible security threat but no further comment is available at this time. An AT&T spokesperson declined to comment.
Additional reporting by Todd Haselton. Updated to reflect that the flaw exists for PIN security as well.
UPDATE: Samsung issued the following statement in regards to the bug:
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password - but the password is not actually necessary to unlock it.
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings -> Location and Security -> Screen unlock settings -> Timeout -> Immediately.