Samsung Galaxy Note 2 owners should be aware that a new exploit has been found on the device that allows momentary access to data and functions on the device.
The exploit is in the device's lock screen, where an attacker can bypass the pattern lock, the PIN code, the longer and more secure alphanumeric password, and the device's face unlock feature. It is not yet known whether this exploit occurs only on the Samsung Galaxy Note 2 or is a bug in Android 4.1.2.
ZDNET has reached out to both Samsung and Google about the issue. Google has declined to comment and Samsung hasn't responded to ZDNET's inquiry.
Samsung and Google aren't the only companies experiencing a lock-screen security issue. When Apple released iOS 6.1, users quickly discovered a security exploit that allowed attackers to bypass the lock screen, even when a password was set, and access the device's local data. Apple recently released iOS 6.1.3 beta 2 to developers, and the upcoming release will patch the exploit. Apple is expected to release iOS 6.1.3 in the near future.
On the Galaxy Note 2, and possibly other Android smartphones, the exploit works like this: a user hits the emergency contacts button and then holds down the home button, so that the unlocked home screen is momentarily visible. If the user gets the timing right, s/he can directly dial and make phone calls and launch apps.
The user will only briefly see information and will not be able to actually run an application before being knocked back out to the lock screen. A user recently posted a video showing the security flaw in action. Terence Eden describes the exploit as a "reasonably small vulnerability, with limited scope." He highlights the privacy concerns that users and IT departments should be made aware of: "there is also the privacy concern that an attacker could see what apps you have installed on your homescreen - or see your calendar/emails if you use a widget which displays them." He posted a video showing the exploit in action. Users will have to wait for a software update from Google or Samsung to patch the exploit.
(Edited by Lois Heyman)