It seems Apple isn’t the only smartphone provider having trouble with lock screen flaws of late: Samsung’s Galaxy Note II is reportedly suffering from similar issues. Mobile enthusiast Terence Eden said he was able to bypass the phone’s lock screen, view the home screen and make calls under certain circumstances without unlocking the handset.
The flaw was tested on a Note II N7100 with Android version 4.1.2 installed, which is the latest version available in the UK. To perform the bypass, you’ll first need to lock the device using a pattern lock, PIN or password. From there, activate the lock screen, tap Emergency Call, press the ICE button on the bottom left, then hold down the physical home key for a few seconds and release.
The phone’s home screen will be displayed briefly. During this time, you can click on an app or widget to launch it. In the event that the Direct Dial widget is on the home screen, the phone will initiate a call.
Eden is the first to admit the vulnerability is limited in scope, which is one of the reasons he decided to disclose it. Making a call relies on the Direct Dial widget being present on the home screen, and running apps does little more than launch them in the background. Should the app perform a function upon launch, like playing music or turning on the phone’s flash, that event will still happen as it normally would.
As of writing, there doesn’t appear to be any way to protect your handset against the home screen being accessed. Eden does, however, offer up some suggestions, such as not using the Direct Dial widget, removing any calendar or e-mail widgets that may show sensitive information on the home screen, and using an app locker that will ask for a password when an app is launched. Note that changing to a different launcher will not help, nor will using a third-party lock screen if it accesses the emergency dialer.