Oh dears. Lock Screen exploit for Samsung Galaxy SIII with Android 4.1.2

Discussion in 'Android' started by Mr.Kattykat, Mar 10, 2013.

  1. Mr.Kattykat
    OP

    Newcomer Mr.Kattykat Professional Procrastinator

    Joined:
    Jul 6, 2012
    Messages:
    11
    Location:
    Northern Ireland
    Country:
    United Kingdom
    What a disaster.​

    On Samsung Galaxy SIIIs running Android 4.1.2 (Jelly Bean) you can easily gain access to the phone, even if it is protected by any sort of lock. As the video above rightly points out, anyone who performs this astoundingly simple exploit is able to access a user's passwords, Facebook, Twitter, email, make purchases without their authorisation, and indeed format the phone to factory settings. ​
    This hasn't been confirmed to work on any other device as of yet, though it is rumoured to work on the Galaxy Note II. ​
    (I don't condone using this information for bar bets, by the way.)​
     
  2. nukeboy95

    Member nukeboy95 Leave luck to heaven.

    Joined:
    Aug 24, 2010
    Messages:
    2,273
    Location:
    not sure
    Country:
    United States
    is it a bug with android?
     
  3. Joe88

    Member Joe88 [λ]

    Joined:
    Jan 6, 2008
    Messages:
    11,188
    Location:
    NYC
    Country:
    United States
    I cant seem to replicate on my s3 with 4.1.1
     
  4. jax604

    Newcomer jax604 Advanced Member

    Joined:
    Jul 23, 2012
    Messages:
    67
    Location:
    The CIty
    Country:
    Canada
    Same here, been trying this thing for 10min+ on my s3 4.1.2. Am im missing something?
     
  5. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,732
    Location:
    Gaming Grotto
    Country:
    Poland
    Nice exploit - this does indeed leak your passwords and whatnot... as long as someone steals your phone, at which point you should probably inform your provider and change your passwords anyways... and seeing that it takes a while to execute (and apparently is hard to replicate), you probably would've noticed that your phone's missing for well over 10 minutes, so "a hacker doing this while you're not looking" isn't exactly a viable option either.

    It's an interesting thing, but not exactly a serious security risk. I just wonder how the expolit's authors came up with it - was it accidental, is it a bug in the firmware or was it put in the firmware on purpose for servicing purposes by Samsung.
     
  6. qaz00

    Newcomer qaz00 ORG 0x0

    Joined:
    Dec 31, 2010
    Messages:
    40
    Country:
    United Kingdom
    I wonder if it works if you have a PIN code set and device encryption turned on?
     
  7. T-hug

    Chief Editor T-hug Always like this.

    pip
    Joined:
    Oct 24, 2002
    Messages:
    8,599
    Location:
    England
    Country:
    United Kingdom
    Doesn't work on my SIII 4.1.1 with lock screen pattern enabled with lock screen widget.
    Will update to 4.1.2 and try.
     
  8. Mr.Kattykat
    OP

    Newcomer Mr.Kattykat Professional Procrastinator

    Joined:
    Jul 6, 2012
    Messages:
    11
    Location:
    Northern Ireland
    Country:
    United Kingdom
    Possibly. If you have any other devices kicking around with 4.1.2, then feel free to give it a try.

    The crucial thing to get with this is the timing of the button presses. It's pretty much pot luck as to how many tries you need for the bug to be replicated.
     
  9. DinohScene

    Member DinohScene The Gift of Dino

    Joined:
    Oct 11, 2011
    Messages:
    12,902
    Location:
    В небо
    Country:
    Antarctica
    Yaaay!
    Another reason why I don't care about phones/Android ;3

    >hugs old Nokia 3310 phone.
    I love you :wub:
     
  10. Jayro

    Member Jayro MediCat DVD Developer

    Joined:
    Jul 23, 2012
    Messages:
    3,404
    Location:
    Octovalley
    Country:
    United States
    This is a GOOD thing. I can finally unlock my friend's phones when they forget their lockscreen patterns. :D
     
  11. Tom Bombadildo

    Contributor Tom Bombadildo Honk!

    pip
    Joined:
    Jul 11, 2009
    Messages:
    8,805
    Location:
    I forgot
    Country:
    United States
    Good thing I don't use shitty stock firmware.

    Besides, Foxi is right, this is hardly something to be worried about anyways.
     
  12. The Real Jdbye

    Member The Real Jdbye D:

    Joined:
    Mar 17, 2010
    Messages:
    8,580
    Location:
    Doing your mom
    Country:
    Norway
    That's not quite the exploit I was expecting, but I wonder how that can even work... Must be a weird bug somewhere in the code there.
    But how are you going to be able to disable the lockscreen pattern afterwards? :P
    It's going to be really annoying having to do that every time they want to use the phone...
     
  13. Pleng

    Member Pleng GBAtemp Maniac

    Joined:
    Sep 14, 2011
    Messages:
    1,449
    Country:
    Thailand
    A bit of sensationalism there, perhaps?


     

Share This Page