locux • Tutor • 7 Messages • Thursday, October 6th, 2011 6:32 PM

Galaxy S II Lock Screen Gaping Security Hole

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!

Accepted Solution

Official Solution

Master • 2.7K Messages • 13 years ago


@locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. The unlock screen is not supposed to show up in that test at all (most so-called testers don't understand the lock time out settings). The bug is it showed up.

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.

Mentor • 102 Messages • 13 years ago

Not new news.  I never use a lock code anyway.  I prefer not to leave my phone places where I am not.  So kind of a non issue for me.

Tutor • 7 Messages • 13 years ago

@fox

 

Interesting, I guess the default lock timeout is 5 minutes.  Setting it to immediate does help.  It's certainly weird default behavior. =o

Master • 2.7K Messages • 13 years ago

It's a convenient feature so that if you are using the phone and the screen blanks off, you don't have to unlock all the time. You only need to unlock the phone when you let it idle for a while. This promotes the adoption of setting up a lock on your phone to protect your privacy in case you lost your phone, since most ppl don't want to be bothered with unlocking every time they take out the phone. That is until some clueless blogger (first reported by BGR.com) thinks they found the greatest security hole on this phone. There is a bug but it is not what you think it is and certainly not a security hole.

Tutor • 7 Messages • 13 years ago

Yeah, I see that. It makes sense now that I've found the timeout setting. I could see the feature of a delayed timeout being useful when/if they get it fixed. Thanks for the info..

Master • 2.7K Messages • 13 years ago

Yes, Samsung already said they are looking into it. In the meantime, they suggest you set the timeout to immediately.

 

BTW, my phone has an Exchange policy enforced PIN lock. It does not suffer from the same bug. I can set the timeout to the max my policy allows (30 minutes). The PIN unlock screen does not pop up when it is not supposed to.

Tutor • 5 Messages • 13 years ago


@foxbat121 wrote:

@locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. The unlock screen is not supposed to show up in that test at all (most so-called testers don't understand the lock time out settings). The bug is it showed up.

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.


I would agree with this because the lock screen showing is a bug, except... after owning the phone the bug is reproducible (though not as commonly as they'd have you think) under "correct" circumstances as well when the lock screen is there as it is supposed to be.

 

 
