A major security flaw has been discovered in the AT&T Samsung Galaxy S II, which is about to be released on the 2nd of October (tomorrow) at a price of $199 with a two-year contract. This Major security flaw allows anyone to bypass the security code lock (keypad lock) of the Samsung Galaxy S II of AT&T.
BGR disclosed this flaw yesterday on their site. They said that
Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected
How This Works:-
All you have to do to unlock the security lock or a PIN is to press the lock button and just wait for the screen time out so the screen goes black. Then you press the lock button again, and there is no keypad lock.
The only requirement is that the phone has been successfully unlocked using the proper pattern or PIN at least one time, so the lock cannot be bypassed immediately after the device is powered on. But of course you will have to unlock it for using the device, and after that your device becomes vulnerable.
You can also have a look at the video of this flaw
[yframe url=’http://www.youtube.com/watch?v=V9tXDLyeoBE&feature=player_embedded’]
When Samsung was asked about this issue, a Samsung spokesman said that
The company is investigating the possible security threat but no further comment is available at this time.
Samsung just recently also issued a new statement with a temporary solution for this flaw
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.
(via BGR)