Mobile enthusiast Terence Eden has identified a flaw in Samsung phones that in certain circumstances could be used to launch apps and dial phone numbers on a locked device. Eden tested his findings on a Samsung Galaxy Note II running Android 4.1.2.
To exploit the flaw, the attacker must activate the screen, press the emergency call button, press the ICE button on the screen, and hold down the physical home key for a few seconds.
This process will display the home screen, but only for a very short period of time. During this time, the attacker can execute an app or a widget.
However, because the home screen is visible only briefly, and because any app launched this way is immediately pushed into the background, specific circumstances have to be met before the attacker can cause any damage.
“Making a call relies on the phone having a direct dial widget on the home screen,” Eden explained on his personal blog.
“Running the apps is also of limited use - they go into the background immediately. If the app performs an action on launch (like recording from the microphone, switching on the flash, playing music, interacting with a server) that action will occur,” he added.
“There is also the privacy concern that an attacker could see what apps you have installed on your homescreen - or see your calendar / emails if you use a widget which displays them.”
There’s nothing Samsung users can do to mitigate the attack, except to make sure that the apps and widgets displayed on the home screen can’t be utilized to cause any damage.
The expert says he attempted to contact Samsung but has not yet received a response. Eden says he has made his findings public because of the limited scope of the attack.
Here is the video proof-of-concept published by the expert: