Samsung Galaxy S II on AT&T has a Security Flaw (Video)

October 3, 2011, By Leo Xavier

We have bad news for those of you who are using the Samsung Galaxy S II handset on AT&T. A security flaw has been uncovered on the device. The flaw allows any user to bypass any security locks on the smartphone.

As you already know, the Galaxy S II and many other smartphones come with a pattern unlock screen which asks the user to draw a preset pattern on the screen in order to unlock it.

For unlocking the Galaxy S II, the user has to draw the pattern on a grid of nine dots spread across the device’s lock screen.

 

According to BGR, who uncovered the major security flaw, AT&T’s Galaxy S II has a security hole which allows anyone to bypass the unlock pattern. The flaw allows any user to bypass PIN security as well.

If you have a PIN or an unlock pattern set on your device, this is how it can be bypassed. Just let the pattern unlock screen time out. Then, when you wake the smartphone, you will see the slide-to-unlock screen, which allows you to access the phone without entering any pattern or PIN.

For the bypass to work, the phone must have been successfully unlocked with the proper pattern or PIN at least once. Therefore it won’t work immediately after the device is powered on.

Samsung had this to say about the issue:

“Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.”

Samsung has already started work on a permanent fix for the issue. For now, the company is advising users to set their screen timeout to the “immediately” setting. This can be done by going to Settings -> Location and Security -> Screen unlock settings -> Timeout -> Immediately.

And just to let you know, the flaw exists only on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, the Epic Touch 4G. But we are not certain about other handsets.

Check out the video to take a peek at the bypassing process.
