Passcode Exploit: These 2 Bugs Let You Bypass the Lock Screen on Your Samsung Galaxy S3

Passcode Exploit: These 2 Bugs Let You Bypass the Lock Screen on Your Samsung Galaxy S3

A couple of weeks ago, the iPhone world discovered an exploit (not fixed) that allowed anyone to bypass the lockscreen and access the phone, messages, and even pictures.

Well, the bug has been caught in the GS3 world now, too. A few days ago, mobile enthusiast Terence Eden discovered a flaw that also allowed limited access to certain features of your Samsung Galaxy S3, and only in very certain circumstances. And it works no matter what protection you have enabled...Pattern Lock, PIN, Password, or Face Unlock.

Steps to Exploit #1

  1. Lock your phone and turn the screen back on.
  2. Go to Emergency Call.
  3. Select the Emergency Contact icon on the bottom left.
  4. When in the Emergency Contact screen, hit the Home button.
  5. You will see a flash of your Home Screen (no matter what launcher you are using).
  6. In that second when the Home Screen flashes, you can select an app/widget to execute.

The limitations with this exploit are that almost anything you select will run in the background, and you will be back at the lock screen. Where this exploit can be effective is if, let's say, you have a Direct Dial widget on your homescreen. In this case, someone can hit this widget, and the call will go through.

While this is something that should be fixed, it doesn't actually allow you to do much, so really, it's not all that scary. Unfortunately, the fun doesn't end there.

Yesterday, Sean McMillan of Full Disclosure opened up the initial exploit and discovered something much scarier. If successful, not only will this exploit open up the full contents and capabilities of your S3, but it will disable the lock screen completely until the phone is rebooted.

Steps to Exploit #2

  1. Lock your phone and turn the screen back on.
  2. Go to Emergency Call.
  3. Select the Emergency Contact icon on the bottom left.
  4. When in the Emergency Contact screen, hit the Home button.
  5. Immediately after hitting Home, press the Power button.
  6. If you did this correctly, the next time you press Power, your device will go directly to your homescreen.

This is obviously not good. Sean does note that you may need to do this multiple times to get it to work. Also, it doesn't matter what launcher you are using, or whether you are using a lockscreen replacement or not.

In the interest of full disclosure, I tried about 30 times, both with my rooted/modded phone, and with a bone-dry stock phone, and I couldn't replicate it.

But, just because I couldn't do it, doesn't mean it isn't real and dangerous. At this point, there has not been any word out of Samsung regarding this exploit, but I imagine a response and a patch will be on their way shortly.

Do these exploits work on your Galaxy S3? Comment below and let us know!

Cover photo by TelecomNZLtd

1 Response

what do u do if its broken and there is a password
?

Share Your Thoughts

  • Hot
  • Active