14 DAY TRIAL // An Indian security expert has identified another method to bypass the lock screen on Samsung phones running the latest Android operating system. Samsung Note II and Galaxy S III are susceptible to the attack method.
According to the expert, the flaw lies in the pop-up browser, but the attack only works if the information ticker is enabled.
As presented in the video POC published by the researcher, the attack method is fairly simple: 1) Click on the info ticker on the bottom of the screen and select one of the items; 2) When prompted to enter the password/PIN/pattern, press the emergency call button; 3) The pop-up browser should appear.
The attacker gains access to the clipboard and to the online accounts that are already authenticated in the browser.
It’s worth noting that this is the third Samsung lock screen bypass method presented over the past couple of weeks.