Galaxy S II Lock Screen Gaping Security Hole

Tutor

Galaxy S II Lock Screen Gaping Security Hole

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!

Message 1 of 8 (2,896 Views)
Mentor

Re: Galaxy S II Lock Screen Gaping Security Hole

Not new news.  I never use a lock code anyway.  I prefer not to leave my phone places where I am not.  So kind of a non issue for me.

Message 2 of 8 (2,888 Views)
Highlighted
Master
Solution
Accepted by topic author locux
‎09-30-2015 1:39 AM

Re: Galaxy S II Lock Screen Gaping Security Hole


locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.

Message 3 of 8 (2,885 Views)
Tutor

Re: Galaxy S II Lock Screen Gaping Security Hole

[ Edited ]

@fox

 

Interesting, I guess the default lock timeout is 5 minutes.  Setting it to immediate does help.  It's certainly weird default behavior. =o

Message 4 of 8 (2,867 Views)
Master

Re: Galaxy S II Lock Screen Gaping Security Hole

[ Edited ]

It's convenient feature so that if you are using the phone and sreen blanks off, you don't have to unlock all the time. You only need unlock the phone when you let it idle for a while. This promots the adoption of setup a lock to your phone to protect your privacy in case you lost your phone since most ppl don't want to be bother with unlocking everytime they take out the phone. That is until some clueless blogger (first reported by BGR.com) think they found the greatest security hole on this phone. There is a bug but it is not what you think it is and certainly not a security hole.

Message 5 of 8 (2,859 Views)
Tutor

Re: Galaxy S II Lock Screen Gaping Security Hole

Yeah, I see that. It makes sense now that I've found the timeout setting. I could see the feature of a delayed timeout being useful when/if they get it fixed. Thanks for the info..
Message 6 of 8 (2,854 Views)
Master

Re: Galaxy S II Lock Screen Gaping Security Hole

Yes, Samsung already said they are looking into it. In the meantime, they suggest you set the timeout to immediately.

 

BTW, my phone has Exchange policy enforeced PIN lock. It does not suffer from the same bug. I can set the timeout to the max of my policy allows (30 minutes). The PIN unlock screen does not popup when it is not suppose to.

Message 7 of 8 (2,851 Views)
Tutor

Re: Galaxy S II Lock Screen Gaping Security Hole


foxbat121 wrote:

locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.


I would agree with this because the lock screen showing is a bug, except... after owning the phone the bug is reproducable (though not as commonly as they'd have you think) under "correct" circumstances as well when the lock screen is there as it is supposed to be.

 

 

Message 8 of 8 (2,757 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.