Oh dears. Lock Screen exploit for Samsung Galaxy SIII with Android 4.1.2

Discussion in 'Android' started by Mr.Kattykat, Mar 10, 2013.

  1. Mr.Kattykat
    OP

    Mr.Kattykat Professional Procrastinator

    Newcomer
    11
    6
    Jul 6, 2012
    Northern Ireland
    What a disaster.​

    On Samsung Galaxy SIIIs running Android 4.1.2 (Jelly Bean) you can easily gain access to the phone, even if it is protected by any sort of lock. As the video above rightly points out, anyone who performs this astoundingly simple exploit is able to access a user's passwords, Facebook, Twitter, email, make purchases without their authorisation, and indeed format the phone to factory settings. ​
    This hasn't been confirmed to work on any other device as of yet, though it is rumoured to work on the Galaxy Note II. ​
    (I don't condone using this information for bar bets, by the way.)​
     
  2. nukeboy95

    nukeboy95 Leave luck to heaven.

    Member
    2,273
    1,086
    Aug 24, 2010
    United States
    not sure
    is it a bug with android?
     
  3. Joe88

    Joe88 [λ]

    Member
    11,596
    2,823
    Jan 6, 2008
    United States
    NYC
    I cant seem to replicate on my s3 with 4.1.1
     
  4. jax604

    jax604 Advanced Member

    Newcomer
    67
    2
    Jul 23, 2012
    Canada
    The CIty
    Same here, been trying this thing for 10min+ on my s3 4.1.2. Am im missing something?
     
  5. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,537
    21,496
    Sep 13, 2009
    Poland
    Gaming Grotto
    Nice exploit - this does indeed leak your passwords and whatnot... as long as someone steals your phone, at which point you should probably inform your provider and change your passwords anyways... and seeing that it takes a while to execute (and apparently is hard to replicate), you probably would've noticed that your phone's missing for well over 10 minutes, so "a hacker doing this while you're not looking" isn't exactly a viable option either.

    It's an interesting thing, but not exactly a serious security risk. I just wonder how the expolit's authors came up with it - was it accidental, is it a bug in the firmware or was it put in the firmware on purpose for servicing purposes by Samsung.
     
  6. qaz00

    qaz00 ORG 0x0

    Newcomer
    40
    8
    Dec 31, 2010
    I wonder if it works if you have a PIN code set and device encryption turned on?
     
  7. T-hug

    T-hug Always like this.

    pip Chief Editor
    9,099
    4,272
    Oct 24, 2002
    England
    Doesn't work on my SIII 4.1.1 with lock screen pattern enabled with lock screen widget.
    Will update to 4.1.2 and try.
     
  8. Mr.Kattykat
    OP

    Mr.Kattykat Professional Procrastinator

    Newcomer
    11
    6
    Jul 6, 2012
    Northern Ireland
    Possibly. If you have any other devices kicking around with 4.1.2, then feel free to give it a try.

    The crucial thing to get with this is the timing of the button presses. It's pretty much pot luck as to how many tries you need for the bug to be replicated.
     
  9. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,824
    12,280
    Oct 11, 2011
    Antarctica
    В небо
    Yaaay!
    Another reason why I don't care about phones/Android ;3

    >hugs old Nokia 3310 phone.
    I love you :wub:
     
  10. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    GBAtemp Patron
    Jayro is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    4,857
    2,588
    Jul 23, 2012
    United States
    Octo Canyon
    This is a GOOD thing. I can finally unlock my friend's phones when they forget their lockscreen patterns. :D
     
  11. Tom Bombadildo

    Tom Bombadildo Honk!

    pip Contributor
    GBAtemp Patron
    Tom Bombadildo is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    10,555
    10,493
    Jul 11, 2009
    United States
    I forgot
    Good thing I don't use shitty stock firmware.

    Besides, Foxi is right, this is hardly something to be worried about anyways.
     
  12. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,862
    5,016
    Mar 17, 2010
    Norway
    Alola
    That's not quite the exploit I was expecting, but I wonder how that can even work... Must be a weird bug somewhere in the code there.
    But how are you going to be able to disable the lockscreen pattern afterwards? :P
    It's going to be really annoying having to do that every time they want to use the phone...
     
  13. Pleng

    Pleng GBAtemp Advanced Maniac

    Member
    1,673
    829
    Sep 14, 2011
    Thailand
    A bit of sensationalism there, perhaps?