Ask a question
Search in Wireless Forums

Wireless Forum

Reply
Posted Oct 6, 2011
11:32:37 AM
View profile
Galaxy S II Lock Screen Gaping Security Hole

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!

0
(0)
  • Rate this reply
View profile
Solved
Oct 6, 2011 11:51:27 AM
0
(0)
Master

locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.

Accepted Solution

Galaxy S II Lock Screen Gaping Security Hole

2,861 views
7 replies
(0) Me too
(0) Me too
Reply
View all replies
(7)
0
(0)
  • Rate this reply
View profile
Oct 6, 2011 11:46:09 AM
0
(0)
Mentor

Not new news.  I never use a lock code anyway.  I prefer not to leave my phone places where I am not.  So kind of a non issue for me.

Not new news.  I never use a lock code anyway.  I prefer not to leave my phone places where I am not.  So kind of a non issue for me.

Re: Galaxy S II Lock Screen Gaping Security Hole

2 of 8 (2,853 Views)
0
(0)
  • Rate this reply
View profile
Solved
Oct 6, 2011 11:51:27 AM
0
(0)
Master

locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.


locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.

Re: Galaxy S II Lock Screen Gaping Security Hole

3 of 8 (2,850 Views)
Solution
0
(0)
  • Rate this reply
View profile
Oct 6, 2011 12:37:58 PM
0
(0)
Tutor
Edited by locux on Oct 6, 2011 at 12:44:30 PM

@fox

 

Interesting, I guess the default lock timeout is 5 minutes.  Setting it to immediate does help.  It's certainly weird default behavior. =o

@fox

 

Interesting, I guess the default lock timeout is 5 minutes.  Setting it to immediate does help.  It's certainly weird default behavior. =o

Re: Galaxy S II Lock Screen Gaping Security Hole

[ Edited ]
4 of 8 (2,832 Views)
0
(0)
  • Rate this reply
View profile
Oct 6, 2011 1:11:39 PM
0
(0)
Master
Edited by foxbat121 on Oct 6, 2011 at 1:13:42 PM

It's convenient feature so that if you are using the phone and sreen blanks off, you don't have to unlock all the time. You only need unlock the phone when you let it idle for a while. This promots the adoption of setup a lock to your phone to protect your privacy in case you lost your phone since most ppl don't want to be bother with unlocking everytime they take out the phone. That is until some clueless blogger (first reported by BGR.com) think they found the greatest security hole on this phone. There is a bug but it is not what you think it is and certainly not a security hole.

It's convenient feature so that if you are using the phone and sreen blanks off, you don't have to unlock all the time. You only need unlock the phone when you let it idle for a while. This promots the adoption of setup a lock to your phone to protect your privacy in case you lost your phone since most ppl don't want to be bother with unlocking everytime they take out the phone. That is until some clueless blogger (first reported by BGR.com) think they found the greatest security hole on this phone. There is a bug but it is not what you think it is and certainly not a security hole.

Re: Galaxy S II Lock Screen Gaping Security Hole

[ Edited ]
5 of 8 (2,824 Views)
0
(0)
  • Rate this reply
View profile
Oct 6, 2011 1:20:31 PM
0
(0)
Tutor
Yeah, I see that. It makes sense now that I've found the timeout setting. I could see the feature of a delayed timeout being useful when/if they get it fixed. Thanks for the info..
Yeah, I see that. It makes sense now that I've found the timeout setting. I could see the feature of a delayed timeout being useful when/if they get it fixed. Thanks for the info..

Re: Galaxy S II Lock Screen Gaping Security Hole

6 of 8 (2,819 Views)
0
(0)
  • Rate this reply
View profile
Oct 6, 2011 1:24:08 PM
0
(0)
Master

Yes, Samsung already said they are looking into it. In the meantime, they suggest you set the timeout to immediately.

 

BTW, my phone has Exchange policy enforeced PIN lock. It does not suffer from the same bug. I can set the timeout to the max of my policy allows (30 minutes). The PIN unlock screen does not popup when it is not suppose to.

Yes, Samsung already said they are looking into it. In the meantime, they suggest you set the timeout to immediately.

 

BTW, my phone has Exchange policy enforeced PIN lock. It does not suffer from the same bug. I can set the timeout to the max of my policy allows (30 minutes). The PIN unlock screen does not popup when it is not suppose to.

Re: Galaxy S II Lock Screen Gaping Security Hole

7 of 8 (2,816 Views)
0
(0)
  • Rate this reply
View profile
Oct 8, 2011 11:31:08 AM
0
(0)
Tutor

foxbat121 wrote:

locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.


I would agree with this because the lock screen showing is a bug, except... after owning the phone the bug is reproducable (though not as commonly as they'd have you think) under "correct" circumstances as well when the lock screen is there as it is supposed to be.

 

 


foxbat121 wrote:

locux wrote:

So bypassing the security on the GS2 takes about 5 total seconds.  There's a huge security hole on the lock screen on the released version of this phone.  I was fine with it, but my 2 yr old figured this out the first time he got ahold of the phone, so now I'm eager to see a fix or workaround for this issue deployed ASAP.

 

To reproduce, enable your lock screen and push the power button.  Push power button to wake phone and wait a few seconds for the screen to timeout.  Now push power again, and you don't have to enter the code to get full access to the phone.

 

This is illustrated all over the web now, but here's a link showing the video of how this is done.

http://pocketnow.com/android/att-galaxy-s-ii-launching-with-major-lockscreen-security-hole

 

I beg of thee AT&T to get this fixed ASAP please!



This one is blown way out of proportion. It is not a security hole. the unlock screen are not suppose to showup in that test at all (most so called testers don't understand the lock time out settings). The bug is it showed up.

 

Set your lock time out to immediately and you will not have any problem as Samsung suggested. Sounds like most ppl don't understand the meaning of lock time out anyway. Samsung/AT&T should have disabled it (or default to immediately) to avoid all this trouble.


I would agree with this because the lock screen showing is a bug, except... after owning the phone the bug is reproducable (though not as commonly as they'd have you think) under "correct" circumstances as well when the lock screen is there as it is supposed to be.

 

 

Re: Galaxy S II Lock Screen Gaping Security Hole

8 of 8 (2,722 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post