Android Oh dears. Lock Screen exploit for Samsung Galaxy SIII with Android 4.1.2

[Mr.Kattykat]

What a disaster.​

​

​

On Samsung Galaxy SIIIs running Android 4.1.2 (Jelly Bean) you can easily gain access to the phone, even if it is protected by any sort of lock. As the video above rightly points out, anyone who performs this astoundingly simple exploit is able to access a user's passwords, Facebook, Twitter, email, make purchases without their authorisation, and indeed format the phone to factory settings.​

​

This hasn't been confirmed to work on any other device as of yet, though it is rumoured to work on the Galaxy Note II.​

​

(I don't condone using this information for bar bets, by the way.)​

 

[nukeboy95]

is it a bug with android?

 

[Joe88]

I cant seem to replicate on my s3 with 4.1.1

 

[jax604]

I cant seem to replicate on my s3 with 4.1.1

Same here, been trying this thing for 10min+ on my s3 4.1.2. Am im missing something?

 

[Foxi4]

Nice exploit - this does indeed leak your passwords and whatnot... as long as someone steals your phone, at which point you should probably inform your provider and change your passwords anyways... and seeing that it takes a while to execute (and apparently is hard to replicate), you probably would've noticed that your phone's missing for well over 10 minutes, so "a hacker doing this while you're not looking" isn't exactly a viable option either.

It's an interesting thing, but not exactly a serious security risk. I just wonder how the expolit's authors came up with it - was it accidental, is it a bug in the firmware or was it put in the firmware on purpose for servicing purposes by Samsung.

 

[qaz00]

I wonder if it works if you have a PIN code set and device encryption turned on?

 

[T-hug]

Doesn't work on my SIII 4.1.1 with lock screen pattern enabled with lock screen widget.
Will update to 4.1.2 and try.

 

[Mr.Kattykat]

is it a bug with android?

Possibly. If you have any other devices kicking around with 4.1.2, then feel free to give it a try.

Same here, been trying this thing for 10min+ on my s3 4.1.2. Am im missing something?

The crucial thing to get with this is the timing of the button presses. It's pretty much pot luck as to how many tries you need for the bug to be replicated.

 

[DinohScene]

Yaaay!
Another reason why I don't care about phones/Android ;3

>hugs old Nokia 3310 phone.
I love you

 

[Jayro]

This is a GOOD thing. I can finally unlock my friend's phones when they forget their lockscreen patterns.

 

[Tom Bombadildo]

Good thing I don't use shitty stock firmware.

Besides, Foxi is right, this is hardly something to be worried about anyways.

 

[The Real Jdbye]

That's not quite the exploit I was expecting, but I wonder how that can even work... Must be a weird bug somewhere in the code there.

This is a GOOD thing. I can finally unlock my friend's phones when they forget their lockscreen patterns.

But how are you going to be able to disable the lockscreen pattern afterwards?
It's going to be really annoying having to do that every time they want to use the phone...

 

[Pleng]

What a disaster.​

​

​

... anyone who performs this astoundingly simple exploit is able to access a user's passwords.....​

A bit of sensationalism there, perhaps?

The crucial thing to get with this is the timing of the button presses. It's pretty much pot luck as to how many tries you need for the bug to be replicated.