
Security Flaw Bypasses AT&T Samsung Galaxy S II Screen Lock

Soulskill posted about 2 years ago | from the your-kid-knows-the-password-anyway dept.

Security 49

zacharye writes "BGR has uncovered a security flaw on AT&T's version of the Samsung Galaxy S II that renders Android's unlock pattern feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device's lock screen."


49 comments

Copycats! (0, Flamebait)

wsxyz (543068) | about 2 years ago | (#37571634)

Just ONE MORE thing they're copied from Apple!!!

Re:Copycats! (0)

arbiter1 (1204146) | about 2 years ago | (#37571864)

calm down there apple fan boy, not like apple hasn't copied a ton of stuff from a competitor before.

Re:Copycats! (1)

NatasRevol (731260) | about 2 years ago | (#37572018)

Context. It's what's for breakfast.

Re:Copycats! (0)

Anonymous Coward | about 2 years ago | (#37572236)

WHOOOOSH!

Re:Copycats! (-1)

Anonymous Coward | about 2 years ago | (#37572048)

Just like the voice features about to be released for the iphone 5 are copied from google

Re:Copycats! (1)

P01d4 (867778) | about 2 years ago | (#37573586)

But it isn't, all these things are intuitive and not hard to come up with yourself. Just because someone else thought of it before shouldn't mean you have to stop using your brain.

Common issue (3, Interesting)

Georules (655379) | about 2 years ago | (#37571656)

This is a common issue with lockscreen replacements. "WidgetLocker Lockscreen" on the android market calls it the "5 second rule". You have to wait about 5 seconds after turning your screen off to turn it back on again if you want the replacement lockscreen to show instead of the default one. I'm not sure why it's not a standard application request to replace the lockscreen, except that it could potentially be a security problem if any application could just decide to override another lockscreen.

Re:Common issue (1)

amRadioHed (463061) | about 2 years ago | (#37571928)

But the lock screen they are using looks standard. And even if it's modified, it's the one that shipped with the device so it would still not have the problems 3rd party lockscreens have.

Re:Common issue (1)

shutdown -p now (807394) | about 2 years ago | (#37572612)

SGS2 uses a non-standard lockscreen (I own one).

Re:Common issue (0)

Anonymous Coward | about 2 years ago | (#37572814)

Mighty big assumptions to be making there, buddy.

Re:Common issue (1)

icebike (68054) | about 2 years ago | (#37572878)

This is a common issue with lockscreen replacements. "WidgetLocker Lockscreen" on the android market calls it the "5 second rule". You have to wait about 5 seconds after turning your screen off to turn it back on again if you want the replacement lockscreen to show instead of the default one.

No, you've misread the article.

If you fire up the phone and DON'T unlock it, but rather let it fall asleep again, when you then immediately wake it again it will be unlocked. At no time did you unlock it. So no 5 second rule should apply.

Re:Common issue (2)

pmontra (738736) | more than 2 years ago | (#37575606)

Tested on a European SGS2 bought in May: it stays locked. Definitely a regression of the AT&T model.

Re:Common issue (1)

Asmor (775910) | more than 2 years ago | (#37577850)

Also, the 5-second rule applies to the *home button*. Background apps cannot start within 5 seconds of pressing the home button (although this doesn't take effect if you're pressing the home button to wake the phone up). It does seem that Widget Locker ignores the home button if it's already running.

Here's what happens with my phone, which is running Widget Locker and the stock pattern unlock screen.

Normal behavior:
Wake phone -> Widget Locker -> Swipe to unlock -> Pattern unlock screen -> Input pattern -> Home screen

Testing the 5-second rule:
Unlocked, awakened phone -> Press home button -> Press end button to put phone to sleep -> Wake phone up. Pattern unlock screen is shown, not widget locker. Widget locker displaces pattern unlock screen once the 5 seconds have elapsed.

Re:Common issue (3, Funny)

stephanruby (542433) | about 2 years ago | (#37573042)

I'm surprised the Slashdot editors didn't write something like:

"HTC Now Selling Unlocked Phones"

"Now AT&T Upping the Ante by Selling Unlockable Phones!"

Stock Android (1)

Anonymous Coward | about 2 years ago | (#37571670)

This is why OEMs need to stop screwing with Android and just use the stock OS from Google.

Re:Stock Android (0)

bonch (38532) | about 2 years ago | (#37572508)

Don't worry, Google's refusal to open source Honeycomb will discourage tampering.

Re:Stock Android (1)

icebike (68054) | about 2 years ago | (#37573416)

What does honeycomb have to do with phones?

Re:Stock Android (1)

cynyr (703126) | more than 2 years ago | (#37574666)

ICS should be open and fully part of the AOSP when it comes out... so say all the rumors.

finger stain also shows unlock pattern (2, Interesting)

Anonymous Coward | about 2 years ago | (#37571718)

I have an S2, and while the method described in TFA doesn't work on my S2 (maybe I'm just stupid, or maybe coz' mine isn't tied to AT&T, it's an unlocked one imported from elsewhere), I did notice if I look at the dark screen from an angle, my designated unlock pattern shows up clearly in the form of finger stain...

Re:finger stain also shows unlock pattern (-1, Troll)

larry bagina (561269) | about 2 years ago | (#37572404)

Maybe you shouldn't stick your finger up your asshole?

Re:finger stain also shows unlock pattern (2)

Emetophobe (878584) | more than 2 years ago | (#37574782)

That happens on my Nexus S as well. That's why I switched to using a password lock.

Can't duplicate this but... (0)

Anonymous Coward | about 2 years ago | (#37571740)

I have a rooted Droid 3, this is my second one. The first I bricked. What is interesting however, is that I had my device locked with a lock screen with my data encrypted via Android's built in method. After messing around with my device, in the process of attempting to put Ubuntu on it, I caused the device to reset. I think it happened when I was messing with the chroot command. Well, when the device reset, my settings were all gone, and it booted up without giving me a lock screen. I also was able to pull my data off my sdcard which should have been encrypted, with the lock screen required to decrypt. I cannot explain exactly what happened, particularly because I had run a few commands and am not sure what caused my device to reset. I have to imagine an attacker can do something similar, perhaps through ADB, to access a supposedly protected phone. If I had more money to burn on another device I'd love to take a go at an exploit that can be done through a USB cable.

Security is hard (1)

fermion (181285) | about 2 years ago | (#37571748)

And when one is writing software it is hard to keep everything in order. Apple has made some bonehead mistakes. MS has made really silly mistakes. One thing that should be good for Android is that many eyes can be looking at the code, except when some firm believes security is easy and makes a bonehead mistake. It seems like this will happen more in phones like Android, unlike MS and Apple, as firms have an incentive to make risky changes to the interface to differentiate the phone, not to mention the need to sell phones cheap while paying MS major chunks of money in settlement.

Re:Security is hard (1)

PPH (736903) | about 2 years ago | (#37571894)

To be honest, open source people make bonehead mistakes as well. Where O/S excels is in getting things patched. If Microsoft won't patch their stuff, you're screwed. If the O/S project won't step up in a timely fashion, someone will fork their code, fix the problem and gain a reputation as a responsive team.

Re:Security is hard (2)

Microlith (54737) | about 2 years ago | (#37572448)

This is not open source, however. Stuff like this is developed entirely behind closed doors by Google, then by Samsung, then by Samsung in cooperation with AT&T, and the source for this is likely unavailable.

Flaw summary (4, Informative)

whysanity (231556) | about 2 years ago | (#37571750)

FTA: "If you have a PIN or an unlock pattern set, all you have to do in order to bypass it is simply tap the lock button to wake the display and then let the screen time out and go black. Tap the lock button again and low and behold, the unlock screen is gone and the phone can be accessed with no PIN or pattern input whatsoever."

Re:Flaw summary (0)

Anonymous Coward | more than 2 years ago | (#37574698)

Ugh, the article really does say "low and behold." If I can't trust their spelling, should I trust their fact-checking?

Re:Flaw summary (1)

Xacid (560407) | more than 2 years ago | (#37576374)

You know...I never knew that wasn't how it was spelled until today. I've always just heard it verbally and never bothered to check (I rarely use the term myself). Lo and behold, slashdot has taught me something yet again!

Anywho - I wouldn't hold that too much against them. It's not as bad as the their/they're/there and so on which SHOULD be common knowledge.

Funfact according to the internet: lo is short for look. The entire phrase has been replaced by "yo - check it!"

Re:Flaw summary (1)

banemc (2475394) | more than 2 years ago | (#37586264)

It's a bit of a damp squid.

Not the only way to break the pattern lock (1)

Anonymous Coward | about 2 years ago | (#37571804)

I have the same phone. I noticed that by using the pattern lock, the finger can leave a fingerprint mark on the screen, from the skin oils, which one can easily follow as a blueprint to unlock the phone when the phone is turned to reflect light correctly.

I have had many friends try and use this technique to break into my phone, all of which succeeded even if the screen already had fingerprints on it.

I found that the issue is almost eliminated if the screen has a protector on it, since it is much harder to see the fingerprint marks.

Re:Not the only way to break the pattern lock (0)

Anonymous Coward | about 2 years ago | (#37573064)

Whisper Systems "smudgelock" prevention tool:

http://www.whispersys.com/screenlock.html [whispersys.com]

Re:Not the only way to break the pattern lock (1)

swalve (1980968) | more than 2 years ago | (#37577054)

Silliness. Just randomize the pattern of numbers as they are displayed on the screen. This has been used in secure keypads forever.
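The randomised keypad the comment proposes, as an added illustration (not code from the page, from Slashdot, or from any phone vendor): a smudge records which grid cells were touched, so a fixed layout maps those cells straight back to the PIN's digits, while a layout reshuffled on every prompt makes the same cells name different digits next time. The 3x4 grid, the digit ordering and the function names are assumptions made for the example.

```python
"""Randomised PIN keypad model. Added example, not vendor code; the 3x4 grid,
the digit ordering and the function names are constructed for the illustration."""
import secrets
from typing import List, Set

DIGITS = "1234567890"   # conventional phone keypad order, read row by row (assumed)
COLS = 3                # grid width used only for rendering


def fixed_layout() -> List[str]:
    """The usual static keypad: cell i always shows DIGITS[i]."""
    return list(DIGITS)


def shuffled_layout() -> List[str]:
    """Fisher-Yates shuffle driven by the OS CSPRNG, so the order of the
    digits on the next prompt is unpredictable to an observer."""
    layout = list(DIGITS)
    for i in range(len(layout) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        layout[i], layout[j] = layout[j], layout[i]
    return layout


def touched_cells(pin: str, layout: List[str]) -> Set[int]:
    """Grid cells (0..9) a finger touches when entering `pin` on `layout`.
    This is what the skin-oil smudge on the glass records."""
    return {layout.index(d) for d in pin}


def digits_under(cells: Set[int], layout: List[str]) -> Set[str]:
    """Digits currently displayed on a set of smudged cells."""
    return {layout[c] for c in cells}


def smudge_reveals_digits(pin: str, entry_layout: List[str], later_layout: List[str]) -> bool:
    """True when the smudges left by entering `pin` on `entry_layout` still
    spell out the PIN's digit set when read against `later_layout`, i.e. the
    keypad an observer sees when the phone is next woken."""
    return digits_under(touched_cells(pin, entry_layout), later_layout) == set(pin)


def render(layout: List[str]) -> str:
    """Keypad as rows of COLS cells, for eyeballing a layout."""
    rows = [layout[i:i + COLS] for i in range(0, len(layout), COLS)]
    return "\n".join(" ".join(r) for r in rows)


if __name__ == "__main__":
    pin = "2580"                      # constructed sample PIN
    static = fixed_layout()
    print("static keypad, smudge still names the digits:",
          smudge_reveals_digits(pin, static, static))
    first, second = shuffled_layout(), shuffled_layout()
    print(render(first), "\n--\n", render(second))
    print("shuffled keypad, smudge from prompt 1 read on prompt 2:",
          smudge_reveals_digits(pin, first, second))
```

With the static layout the last line of the first check is always true; with a fresh shuffle it is true only by coincidence (for four distinct digits, 4!·6!/10!, about one layout in 210), which is the whole benefit of reshuffling. Ordering matters less than it might seem: the smudges give an attacker the digit *set*, and the layout randomisation is what stops the set from being read off the glass.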

Re:Not the only way to break the pattern lock (1)

jrumney (197329) | more than 2 years ago | (#37574842)

Use the matte (anti-glare) protector. The rough surface on this eliminates finger marks almost completely. It also prevents the screen from turning into a mirror when there is any more than a moderate level of background light.

Don't buy branded phones. (0)

Anonymous Coward | about 2 years ago | (#37572028)

I said it before and I will continue to say it:
Don't buy branded phones.

What unbranded phones for VZW or Sprint? (1)

tepples (727027) | about 2 years ago | (#37572120)

I said it before and I will continue to say it:
Don't buy branded phones.

I thought all phones had a brand, either by a carrier or by a manufacturer or both. And if by "branded" you meant "carrier-customized firmware", is there a way to buy a phone compatible with a non-AT&T U.S. carrier (that is, Verizon Wireless or Sprint) without buying it from the carrier?

Re:What unbranded phones for VZW or Sprint? (3, Informative)

Dragonslicer (991472) | more than 2 years ago | (#37573936)

And if by "branded" you meant "carrier-customized firmware", is there a way to buy a phone compatible with a non-AT&T U.S. carrier (that is, Verizon Wireless or Sprint) without buying it from the carrier?

If you consider T-Mobile to still be "non-AT&T", they'll gladly sell you service for a phone that you already have. I think it's still $20/month cheaper, too.

Re:What unbranded phones for VZW or Sprint? (1)

molo (94384) | more than 2 years ago | (#37575182)

The problem is that the AT&T and T-Mobile HSPA+ frequencies don't overlap. So you would be limited to just 2G data.

-molo

Re:What unbranded phones for VZW or Sprint? (1)

thunderclap (972782) | more than 2 years ago | (#37576872)

Don't you love how the Chinese cart vendors in Hong Kong have WiFi in their cart?

YUO FAIAL IT (-1)

Anonymous Coward | about 2 years ago | (#37572044)

Slashdot's fellow travellers? 3= 36400 FreeBSD Schemes. Frankly of Jordan Hubbard In eternity...Romeo posts. Therefore When I stood for It's best to try

I have an S2 (0)

Anonymous Coward | about 2 years ago | (#37572238)

I have an S2 and this doesn't happen to my phone. I cannot recreate the problem.

Bell Mobility (1)

wiedzmin (1269816) | about 2 years ago | (#37572970)

Does anybody know if this affects the Bell Mobility devices in Canada? I know someone who owns one... wondering if I should bug them about it. Thanks.

Slightly Off Topic, Screen Lock (0)

Anonymous Coward | about 2 years ago | (#37573004)

I have a Moto Defy (highly water resistant) and was trying to unlock it with wet hands. A few drops hit the screen first and it wasn't recognizing my finger touch; after a second or two of (stupidly) trying to wipe the water off with my wet hand, I was suddenly staring at the home screen without having logged in. I was looking at the screen at the time and none of the lock points registered a touch, so I can't imagine that I accidentally input the pattern. Haven't been able to reproduce it, but that unit was replaced for other problems anyway.

Reminds me of the Linux autorun vulnerability (1)

E.I.A (2303368) | more than 2 years ago | (#37574574)

sort of: http://www.youtube.com/watch?v=ovfYBa1EHm4#t=90 [youtube.com] Not that I adequately understand how either of these things occur, but I don't trust any system that I cannot disassemble, upgrade, and repair or modify myself. What I understand even less, is why people even use smart phones. Yeah, they can do all but warm your lunch (maybe soon) and disperse crowds, but between a laptop/desktop, and bare-bones phone, I just don't get it. ....Why do I feel like I just harmed a nun?

Re:Reminds me of the Linux autorun vulnerability (0)

Anonymous Coward | more than 2 years ago | (#37576454)

I don't *need* my smartphone, but it makes things a hell of a lot more convenient. I'm unlocking my bootloader today, and I'm going to reflash it with Cyanogenmod as soon as I can figure out how to get Webtop working on CM.

I-9100, can't reproduce (1)

kangsterizer (1698322) | more than 2 years ago | (#37576304)

I've a GT-I9100 with the latest firmware and I can't reproduce it. Kinda odd. I wonder if it's an AT&T version issue only, or if they have 3rd party software.

That being said, I'd never trust that stuff - especially the pattern - as a real security protection. It's easy to guess patterns, it's easy to follow the finger's smudge (and you can guess even without that, as patterns are not all that complex usually).

Bottom line, it's a protection against the jealous girlfriend, the little children, that sort of stuff. Default is to have no protection on the lock at all, which is just "drag to unlock", and that's the protection against accidental unlock only.

Re:I-9100, can't reproduce (1)

kangsterizer (1698322) | more than 2 years ago | (#37576312)

Note: GT-I9100 is the original EU/Intl version of the SGS2.

Explanation. (1)

140Mandak262Jamuna (970587) | more than 2 years ago | (#37576486)

Looks like the explanation from AT&T and/or Samsung is that this works only within the timeout period of the last unlock. That is, you unlock a phone with a PIN at time T. Its timeout would be at T+timeout. Within this period, if you force sleep by pressing the power button and press it again, it will show the PIN screen. If this PIN screen times out before T+timeout, and the power button is pressed within T+timeout, then the PIN screen is not shown.

As a programmer I am guessing it would just toggle back and forth till T+timeout.

So once T+timeout has elapsed, the phone could not be unlocked without a PIN. So lost phones have quite a short window of vulnerability. If what they say is true. I don't have an AT&T Samsung phone to test. My T-mobile branded LG Titanium always demands a PIN on wake up.
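A small state-machine model of the behaviour this comment and the earlier "Flaw summary" and "Common issue" comments describe, added here as an illustration; it is not Android, Samsung or AT&T code. The grace period, the event names and the two policy names are assumptions. The "regression" policy re-arms the grace window whenever the prompt went dark by timing out, which reproduces the toggle the commenter guesses at; the "fixed" policy keeps a phone that has shown a prompt locked until a credential is entered, and both policies demand a credential once T+timeout has passed.

```python
"""Toy model of a screen-lock grace period. Added example, not vendor code;
LOCK_AFTER, the event names and the policy names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LOCK_AFTER = 30.0   # seconds of grace after a successful unlock (assumed value)


@dataclass
class LockScreen:
    policy: str                              # "regression" or "fixed" (names chosen here)
    last_unlock: float = float("-inf")       # time T of the last accepted credential
    locked: bool = True
    sleep_reason: Optional[str] = None       # why the screen is dark: "button" or "timeout"
    log: List[Tuple[float, str, str]] = field(default_factory=list)

    def _within_grace(self, now: float) -> bool:
        return now - self.last_unlock <= LOCK_AFTER

    def enter_credential(self, now: float, ok: bool) -> None:
        if ok:
            self.locked = False
            self.last_unlock = now
        self._record(now, "credential ok" if ok else "credential rejected")

    def sleep(self, now: float, reason: str) -> None:
        """Screen goes dark. The power button locks immediately (as the comment
        describes); a timeout leaves the lock state exactly as it was."""
        assert reason in ("button", "timeout")
        self.sleep_reason = reason
        if reason == "button":
            self.locked = True
        self._record(now, f"sleep({reason})")

    def wake(self, now: float) -> None:
        if self.policy == "regression":
            if self.sleep_reason == "timeout" and self._within_grace(now):
                # The described bug: a prompt that timed out inside T+timeout is
                # treated like an unlocked screen that timed out, so no prompt.
                self.locked = False
            elif not self._within_grace(now):
                self.locked = True
        else:
            # Fixed: grace only carries an *unlocked* screen across a timeout;
            # a screen that was already showing a prompt stays locked.
            if not self._within_grace(now):
                self.locked = True
        self.sleep_reason = None
        self._record(now, "wake")

    def _record(self, now: float, what: str) -> None:
        self.log.append((now, what, "LOCKED" if self.locked else "open"))


def bypass_attempt(policy: str) -> Dict[str, bool]:
    """Sequence from the article, with constructed timestamps: owner unlocks at
    T=0 and locks with the power button; someone wakes the phone, lets the
    prompt go dark, wakes it again inside T+timeout, then once more after it."""
    ls = LockScreen(policy)
    ls.enter_credential(0.0, True)
    ls.sleep(2.0, "button")        # owner pockets the phone, prompt armed
    ls.wake(5.0)                   # prompt shown
    ls.sleep(15.0, "timeout")      # prompt times out and the screen goes black
    ls.wake(20.0)                  # inside T+timeout: this is the reported bypass
    inside = ls.locked
    ls.sleep(21.0, "timeout")
    ls.wake(40.0)                  # past T+timeout: both policies must prompt
    after = ls.locked
    return {"locked_inside_window": inside, "locked_after_window": after}


if __name__ == "__main__":
    for p in ("regression", "fixed"):
        print(p, bypass_attempt(p))
```

The model makes the comment's point explicit: the exposure is bounded by the grace period, so a phone found long after its last unlock still prompts under either policy, but within the window the "regression" policy lets a wake/time-out/wake cycle open the phone with no credential at all. The fix is a one-line difference in `wake`: never clear `locked` on wake, only set it.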

Official Google Response (0)

Anonymous Coward | more than 2 years ago | (#37576600)

"This is an important feature of the OS. It is designed to allow the malware fairy easy access to the phone so she can quickly install harmful and annoying applications on the device while users sleep. This way we can keep up appearances as the dirty hooker of the mobile industry (Free and full of infections)."

Seriously though, do something, Google; it's ridiculous how non-existent security is throughout the Android ecosystem. This doesn't just affect Android users either; it will potentially affect anyone with an internet connection. Smarten up already, I don't want another 50 million zombied devices stealing credit card info or sending spam.

Re:Official Google Response (1)

thunderclap (972782) | more than 2 years ago | (#37576900)

"This is an important feature of the OS. It is designed to allow the malware fairy easy access to the phone so the user can quickly install harmful and annoying applications on the device. This way AT&T can keep up appearances as the dirty hooker of the mobile industry (Free and full of infections)."

Fixed that for you.

"Smarten up already, I don't want another 50 million zombied devices stealing credit card info or sending spam".

But Russia and China do.
