Showing posts with label flaw. Show all posts
Showing posts with label flaw. Show all posts

Wednesday, 6 March 2013

The Samsung Galaxy SIII is The Latest Smartphone To Get Hit by a Major Security Bug That Allows Full Access to The Device



Lock screens are around for a reason: to keep people from getting where they shouldn't. They aren't always infallible, though, and a few weeks ago, we saw a vulnerability in several builds of iOS 6 that granted access to the phone module without a passcode. Then, a couple of days ago, we reported on a Galaxy Note II bug that allows the quick-fingered to launch anything immediately behind the lock screen. Now, a similar flaw has been found on the Galaxy S III that breaks the lock screen altogether, permitting full use of the phone. To replicate the bug, you'll need to tap the "Emergency Call" button on the lock screen, then go into the ICE (emergency contacts) menu. From there, press the home button, followed quickly by the power button, and that's it. If successful, pressing the power button again will bring up the home screen straight away, and what's more, the lock screen won't return until the handset is restarted. Sounds worryingly simple, right? In our experience, not so much.
We first tried this method on an S III running Android 4.0.4 ICS, and a Note II for good measure, but to no avail. Then, we had a crack at an S III running 4.1.2 Jelly Bean, and were close to giving up trying to replicate it when voilĂ , it worked. We hoped to provide you with a video of the bug, but it must be camera shy. Despite literally hundreds of attempts in front of the lens and several more behind it, we've only managed it once -- we found it impossible to nail down the correct timing between the home and power button pushes. Samsung's likely aware of the bug already and when quizzed about the Note II vulnerability, said a fix for lock screen issues on affected "Galaxy devices" was in the works (read: they didn't say the Note II specifically). We've reached out for comment just to be sure, but until a patch is provided, keep your phone concealed from nosey types who read tech sites and have saint-like patience. [Engadget]

You can follow me on Twitter, add me to your circles on Google+ or Subscribe to me on facebook or YouTube. You can also check my website and blog to keep yourself updated with what is happening in the ever changing world of technology

Posted by at No comments:
Labels: , , , , , , , , ,

Monday, 4 March 2013

Samsung Galaxy Note II Bug Allows an Attacker to Access Home Screen Apps (Briefly) [Video]



A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 may make that device less secure than you think when it's locked by a code or other method. He discovered that the homescreen can be accessed, albeit it just for a split second, by pressing the "Emergency Call" icon, then the ICE button and finally pressing the physical home key for several seconds. While brief, it's still enough time to click on any of your homescreen apps, which normally wouldn't present a problem since access goes away when the home page disappears again. However, if one of your apps is a "direct dial" widget, for instance, a call can actually be placed by a hacker, and many other programs that perform an action at launch could also leave the device vulnerable. We've confirmed the flaw on our own handsets and the individual who discovered it says that after reporting it five days ago, Samsung has yet to respond. We've reached out to the Korean company ourselves and will let you know about any further developments. [Engadget]




You can follow me on Twitter, add me to your circles on Google+ or Subscribe to me on facebook or YouTube. You can also check my website and blog to keep yourself updated with what is happening in the ever changing world of technology
Posted by at No comments:
Labels: , , , , , , , , , , , , , ,

Tuesday, 26 February 2013

A Second Lock Screen Bug Has Been Found in iOS 6.1 That Gives Access to Photos, Contacts And More...







A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a similar method as the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

It was originally posted on the Full Disclosuremailing list. Kaspersky's Threatpost:
Similar to the iPhone's passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.





Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.


You can follow me on Twitter, add me to your circles on Google+ or Subscribe to me on facebook or YouTube. You can also check my website and blog to keep yourself updated with what is happening in the ever changing world of technology
Posted by at No comments:
Labels: , , , , , , , , , , , , , ,
Subscribe to: Comments (Atom)